What key size should I pick for AES?

256 bits is the safe modern default. 128 bits is still secure against any practical attack but offers less headroom against future quantum advances. 192 bits is rarely used.

Are these keys really cryptographically random?

Yes — they come from crypto.getRandomValues, which the browser backs with the operating system's secure random source (urandom, BCryptGenRandom, etc.).

What output format should I use?

Hex is most common and round-trips cleanly. Base64 is shorter (about 33% less storage) and matches what JWT and many APIs expect. Use raw bytes only if you are configuring a binary system.

Is the key stored or logged anywhere?

No. The key is generated in your browser and exists only in the current tab. Closing the tab discards it.

How long should an HMAC key be?

At least the block size of the underlying hash — 64 bytes for HMAC-SHA-256, 128 bytes for HMAC-SHA-512 — for full security.

Symmetric Key Generator | free cool tools online

How It Works

The Symmetric Key Generator produces cryptographically random keys for AES (128, 192, or 256-bit) and HMAC (any byte length) using the browser’s Web Crypto API — specifically crypto.getRandomValues, which is backed by the operating system’s secure random source. Pick a key size and an output format (lowercase hex, standard Base64, or raw byte array), and click Generate; a fresh, statistically uniform random key is produced and displayed instantly. Each click overwrites the previous key with a new one — the page never stores or transmits keys, and they exist only in the current tab’s memory. AES-256 keys are appropriate for most modern symmetric-encryption needs; AES-128 remains secure but provides a smaller margin against future attacks. HMAC keys should match or exceed the underlying hash’s block size (64 bytes for HMAC-SHA-256, 128 bytes for HMAC-SHA-512) for full security; the tool generates keys of the exact length you choose so you can match this requirement explicitly. Hex is the most common interchange format; Base64 is shorter; raw bytes are useful when you are pasting directly into a binary configuration.

Use Cases

Generating AES encryption keys for local file encryption
Creating HMAC secrets for signing tokens
Producing one-time keys for test environments
Teaching symmetric cryptography with real key sizes

Frequently Asked Questions

What key size should I pick for AES?: 256 bits is the safe modern default. 128 bits is still secure against any practical attack but offers less headroom against future quantum advances. 192 bits is rarely used.
Are these keys really cryptographically random?: Yes — they come from crypto.getRandomValues, which the browser backs with the operating system's secure random source (urandom, BCryptGenRandom, etc.).
What output format should I use?: Hex is most common and round-trips cleanly. Base64 is shorter (about 33% less storage) and matches what JWT and many APIs expect. Use raw bytes only if you are configuring a binary system.
Is the key stored or logged anywhere?: No. The key is generated in your browser and exists only in the current tab. Closing the tab discards it.
How long should an HMAC key be?: At least the block size of the underlying hash — 64 bytes for HMAC-SHA-256, 128 bytes for HMAC-SHA-512 — for full security.

How It Works

Use Cases

Frequently Asked Questions

Related Tools