I am trying to figure out how to use a custom password with a JWK that uses the password for key wrapping. The JWA spec contains for example "PBES2-HS512+A256KW", which does "PBES2 with HMAC SHA-512 and 'A256KW' wrapping". So, if I understand correctly, PBES2 involves using a KDF, so can I just use a password and a key will be derived from that is used to encrypt a randomly generated DEK?
For example,
{"alg":"PBES2-HS512+A256KW","k":"<whatsexpectedhere?>","key_ops":["wrapKey","unwrapKey"],"kty":"oct"}
I am wondering, what I can put into the "k" field and whether there are any requirements for entropy, length apart from being in "oct" format (when using "PBES2-HS512+A256KW" or a similar alg). I have not found anything in the RFCs so far.
