# 警告：openssl_verify()：提供的密钥参数无法转换为公钥，位置：/var/www/app/src/Auth/JwtValidator.php第42行

- **ID:** `php/openssl-key-format-mismatch`
- **领域:** php
- **类别:** auth_error
- **错误码:** `E_WARNING`
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

提供给openssl_verify()的公钥格式不受支持（例如PKCS#1而非PKCS#8，或缺少正确的PEM头），导致OpenSSL拒绝该密钥。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| PHP 7.4 | active | — | — |
| PHP 8.0 | active | — | — |
| PHP 8.1 | active | — | — |
| PHP 8.2 | active | — | — |
| PHP 8.3 | active | — | — |
| OpenSSL 1.1.1 | active | — | — |
| OpenSSL 3.0 | active | — | — |

## 解决方案

1. ```
   Ensure the public key is in PKCS#8 PEM format. Convert if needed using OpenSSL CLI: `openssl pkey -in private_key.pem -pubout -out public_key.pem`. Then load it in PHP with `$key = file_get_contents('/path/to/public_key.pem');` and ensure no extra whitespace.
   ```
2. ```
   Use `openssl_get_publickey()` instead of passing the key string directly; this function auto-detects and converts formats. Example: `$pubKey = openssl_get_publickey(file_get_contents('key.pem')); if ($pubKey === false) { echo openssl_error_string(); }`
   ```

## 无效尝试

- **** — The issue is the key format structure (PEM headers, line breaks), not just encoding. A raw binary key without proper boundaries will fail the same way. (90% 失败率)
- **** — Extra whitespace or BOM can corrupt the PEM header; OpenSSL requires exact format: `-----BEGIN PUBLIC KEY-----` on its own line. (85% 失败率)