Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I need to generate a 256 bit key for AES symmetric encryption in .net. I have not found any description on how to do so “from scratch”. By this I mean, I don’t intend to base this key off of a user password. I simply want to produce a cryptographically secure key to use.
The best option, as far as I can tell, is simply to use the .net class RNGCryptoServiceProvider
Is this the best approach to generate cryptographically secure keys?
The “best approach” depends on your exact requirements.
If all you require is 32 random bytes, then RNGCryptoServiceProvider is fine. You have to make arrangements to ensure that the key is available at your destination, typically using RSA or some other asymmetric encryption method. If you need it for archive purposes, then you will need a way to securely store it. You also need to ensure that it is securely deleted after you no longer need it.
Alternatively you could use a Key Derivation Function, with the same considerations of transfer, storage and deletion applying to the KDF parameters.