Free Encryption Key Generator
Generate a strong, cryptographically random encryption key for any symmetric cipher — AES, ChaCha20, secret-box, or anything else that takes a raw byte key. Default 256 bits, adjustable from 128 to 512. Runs entirely in your browser.
256 bits of key material. Generated locally using crypto.getRandomValues.
128-bit256-bit512-bit
What this key is for
Use it as the input to a symmetric encryption library. Common patterns:
- Encrypting a database column — generate a 256-bit key, store it in your secrets manager, encrypt sensitive columns with AES-GCM.
- Encrypting backups — generate a key per backup set, store the key separately from the backup.
- End-to-end encrypted messages — derive a per-conversation key from a Diffie-Hellman exchange or pre-share one securely.
- File encryption — symmetric is much faster than asymmetric, so even “public-key” tools like GPG actually use AES under the hood with this kind of key.
Frequently asked questions
An encryption key is the secret value used to encrypt and decrypt data. For symmetric encryption (AES, ChaCha20, etc.) the same key is used for both operations. The key must be unpredictable and at least 128 bits long.
256 bits (32 bytes) is the modern default for most uses — AES-256, ChaCha20, secret-box. 128 bits is still safe for general use but offers less safety margin against future cryptanalysis.
Never in source code. Use a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.), environment variables loaded from a secure source, or a key management service (KMS). Treat the key as you would the most sensitive data it protects.
Functionally identical for AES use. This page is named for non-crypto-savvy users searching for "encryption key"; the AES key page targets developers who know which algorithm they need.
Yes. The key is generated entirely in your browser via crypto.getRandomValues. Nothing is sent to a server, logged, or stored.
