{ "mode": "man", "parameter": "EVP_KDF-PBKDF2", "section": "7ssl", "url": "https://www.chedong.com/phpMan.php/man/EVP_KDF-PBKDF2/7ssl/json", "generated": "2026-06-03T01:48:20Z", "sections": { "NAME": { "content": "EVPKDF-PBKDF2 - The PBKDF2 EVPKDF implementation\n", "subsections": [] }, "DESCRIPTION": { "content": "Support for computing the PBKDF2 password-based KDF through the EVPKDF API.\n\nThe EVPKDF-PBKDF2 algorithm implements the PBKDF2 password-based key derivation function, as\ndescribed in SP800-132; it derives a key from a password using a salt and iteration count.\n", "subsections": [ { "name": "Identity", "content": "\"PBKDF2\" is the name for this implementation; it can be used with the EVPKDFfetch()\nfunction.\n" }, { "name": "Supported parameters", "content": "The supported parameters are:\n\n\"pass\" (OSSLKDFPARAMPASSWORD) \n\"salt\" (OSSLKDFPARAMSALT) \n\"iter\" (OSSLKDFPARAMITER) \nThis parameter has a default value of 2048.\n\n\"properties\" (OSSLKDFPARAMPROPERTIES) \n\"digest\" (OSSLKDFPARAMDIGEST) \nThese parameters work as described in \"PARAMETERS\" in EVPKDF(3).\n\n\"pkcs5\" (OSSLKDFPARAMPKCS5) \nThis parameter can be used to enable or disable SP800-132 compliance checks. Setting the\nmode to 0 enables the compliance checks.\n\nThe checks performed are:\n\n- the iteration count is at least 1000.\n- the salt length is at least 128 bits.\n- the derived key length is at least 112 bits.\n\nThe default provider uses a default mode of 1 for backwards compatibility, and the fips\nprovider uses a default mode of 0.\n\nThe value string is expected to be a decimal number 0 or 1.\n" } ] }, "NOTES": { "content": "A typical application of this algorithm is to derive keying material for an encryption\nalgorithm from a password in the \"pass\", a salt in \"salt\", and an iteration count.\n\nIncreasing the \"iter\" parameter slows down the algorithm which makes it harder for an\nattacker to perform a brute force attack using a large number of candidate passwords.\n\nNo assumption is made regarding the given password; it is simply treated as a byte sequence.\n", "subsections": [] }, "CONFORMING TO": { "content": "SP800-132\n", "subsections": [] }, "SEE ALSO": { "content": "EVPKDF(3), EVPKDFCTXnew(3), EVPKDFCTXfree(3), EVPKDFCTXsetparams(3),\nEVPKDFderive(3), \"PARAMETERS\" in EVPKDF(3)\n", "subsections": [] }, "HISTORY": { "content": "This functionality was added to OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-04-07 EVPKDF-PBKDF2(7SSL)", "subsections": [] } }, "summary": "EVPKDF-PBKDF2 - The PBKDF2 EVPKDF implementation", "flags": [], "examples": [], "see_also": [ { "name": "EVPKDF", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json" }, { "name": "EVPKDFCTXnew", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXnew/3/json" }, { "name": "EVPKDFCTXfree", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXfree/3/json" }, { "name": "EVPKDFCTXsetparams", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXsetparams/3/json" }, { "name": "EVPKDFderive", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFderive/3/json" }, { "name": "EVPKDF", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json" } ] }