randarium
Keys

Encryption Key Generator

Generate random cryptographic keys suitable for symmetric encryption algorithms like AES. Choose the key size (128, 192, 256, or 512 bits) and output encoding (hexadecimal or base64). Generate one key or many at once.

Also known as: crypto key · symmetric key · secret key

secure · crypto RNG

Private by design. Your encryption key is generated locally and never saved, uploaded, or shared — only your settings can be, and only when you choose.

Presets

Output

No output yet — set your options and hit .
About this tool, tips & examples

What it does

The Encryption Key Generator creates random cryptographic key material for symmetric encryption algorithms like AES. Choose the key size — 128, 192, 256, or 512 bits — pick hexadecimal or base64 encoding, and generate one key or a batch. Every byte comes from your browser’s cryptographic RNG via the Web Crypto API; nothing is ever seeded or reproducible.

Common use cases

  • AES keys — 128/192/256-bit keys in the encoding your library expects.
  • Master keys for derivation — high-entropy input material for KDFs (HKDF, PBKDF2-wrapped secrets).
  • Testing encryption systems — fresh keys for encrypt/decrypt test suites, key-rotation drills, and staging environments.
  • Configuration secrets — random key material for services that take a hex or base64 secret in an environment variable.

Settings

  • Key size — 128 bits (fast, still strong), 192, 256 (the usual recommendation for AES-256), or 512 bits for specialized uses like HMAC-SHA-512 keys.
  • Encoding — hexadecimal (64 chars for 256 bits) or base64 (44 chars) — match whatever your library or config format expects.
  • How many — one key or a batch, exportable as text, CSV, or JSON.

Privacy note

Everything runs locally in your browser using the Web Crypto API. Keys are never uploaded, logged, saved automatically, or included in share links — only settings can be saved, never key material. There is no seed: secure output must not be reproducible.

FAQ

Which key size should I choose? AES-256 (256 bits) is the safe default. AES-128 remains unbroken and is slightly faster; 512-bit output is for algorithms that want larger keys (e.g. HMAC-SHA-512), not for AES itself.

Hex or base64? Purely a formatting choice — the entropy is identical. Hex is easier to eyeball and grep; base64 is shorter and standard in many config formats.

Is a key generated in a browser safe to use? The randomness is cryptographic (crypto.getRandomValues) and never leaves your machine. The practical risks are the same as any secret on your device: clipboard history, screen sharing, and where you paste it next.

Key vs password vs token? Keys are raw algorithm material (this tool); passwords are for humans (Password Generator); tokens are bearer secrets for APIs (Secure Token / API Key Generators).