Function derive_setup_key 

pub fn derive_setup_key(
    password: &PasswordString,
    public_iv: &Iv16,
    iterations: u32,
    out_key: &mut Aes256Key32,
) -> Result<(), AescryptError>

Derives the AES-256 setup key from a password and public IV using PBKDF2-HMAC-SHA512.

The setup key is the master key used to encrypt the AES Crypt v3 session block. It is derived from the user’s password and the per-file public IV (which doubles as the PBKDF2 salt). This is the only place in the v3 encryption path where the password touches real cryptography; the bulk payload uses a separate, randomly generated session key.

§Errors

§Security

  • The 32-byte output is written directly into the caller-provided Aes256Key32, so the key is never materialized in a non-zeroizing buffer.
  • The public IV is reused as the PBKDF2 salt by the AES Crypt v3 spec; it must be unique per file (callers using crate::encrypt() get a CSPRNG-generated public IV automatically).
  • Iteration count is the only password-cracking-resistance knob; never go below DEFAULT_PBKDF2_ITERATIONS for new files.
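The derivation described above, as an added Python illustration that is not part of the crate: the public IV is the PBKDF2 salt, the output is truncated to 32 bytes, and an iteration floor is enforced. The UTF-8 password encoding and the `MIN_PBKDF2_ITERATIONS` value are assumptions; the page does not give the value of `DEFAULT_PBKDF2_ITERATIONS`.

```python
import hashlib
import hmac
import secrets

# Placeholder floor; the crate's DEFAULT_PBKDF2_ITERATIONS is not stated on this page.
MIN_PBKDF2_ITERATIONS = 100_000
SETUP_KEY_LEN = 32   # Aes256Key32: AES-256 key
PUBLIC_IV_LEN = 16   # Iv16: per-file public IV, reused as the PBKDF2 salt


def derive_setup_key(password: str, public_iv: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA512(password, salt=public_iv) truncated to 32 bytes.

    Mirrors the signature on this page. UTF-8 password encoding and the
    iteration floor are assumptions made for this example.
    """
    if len(public_iv) != PUBLIC_IV_LEN:
        raise ValueError(f"public IV must be {PUBLIC_IV_LEN} bytes, got {len(public_iv)}")
    if iterations < MIN_PBKDF2_ITERATIONS:
        raise ValueError("iteration count below the minimum for new files")
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), public_iv, iterations, dklen=SETUP_KEY_LEN
    )


def keys_collide(password: str, iv_a: bytes, iv_b: bytes, iterations: int) -> bool:
    """True when two files would share a setup key, i.e. same password and same IV.

    This is why the public IV must be unique per file: a duplicated IV under one
    password produces an identical setup key for both session blocks.
    """
    return hmac.compare_digest(
        derive_setup_key(password, iv_a, iterations),
        derive_setup_key(password, iv_b, iterations),
    )


if __name__ == "__main__":
    pw = "correct horse battery staple"        # constructed sample password
    iv_file1 = secrets.token_bytes(PUBLIC_IV_LEN)  # CSPRNG IV, as crate::encrypt() would do
    iv_file2 = secrets.token_bytes(PUBLIC_IV_LEN)
    print("distinct IVs collide:", keys_collide(pw, iv_file1, iv_file2, MIN_PBKDF2_ITERATIONS))
    print("reused IV collides:  ", keys_collide(pw, iv_file1, iv_file1, MIN_PBKDF2_ITERATIONS))
```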