# `Charon.Utils.KeyGenerator`
[🔗](https://github.com/weareyipyip/charon/blob/v4.3.0/lib/charon/utils/key_generator.ex#L1)

Derive a key from a base secret using PBKDF2.

# `opts`

```elixir
@type opts() :: [
  length: pos_integer(),
  iterations: pos_integer(),
  digest: :sha | :sha224 | :sha256 | :sha384 | :sha512,
  log: false | :debug | :info | :warning | :error
]
```

# `derive_key`

```elixir
@spec derive_key(binary(), binary(), opts()) :: binary()
```

Derive a new key from `base_secret` using `salt`.

## Options

  - `:length` key length in bytes, default 32 (256 bits)
  - `:iterations` hash iterations to derive new key, default 250_000
  - `:digest` hashing algorithm used as pseudo-random function, default `:sha256`
  - `:log` log level for this operation (default `:warning`), or `false` to disable logging. Logging helps identify call sites that may need caching after the v4 breaking change removed the built-in cache.

## Doctests

    iex> derive_key("secret", "salt", length: 5, iterations: 1)
    <<56, 223, 66, 139, 48>>

---

*Consult [api-reference.md](api-reference.md) for complete listing*