If you are using version 1.47 or higher of SpongyCastle, you can directly call PBKDF2WithHmacSHA256:
PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(new SHA256Digest()); generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), salt, iterations); KeyParameter key = (KeyParameter)generator.generateDerivedMacParameters(keySizeInBits);
In versions BC <1.47, you cannot specify SHA256 digest and by default it is SHA1.