Free encryption key generator

Generate an AES-256 encryption key or a random secret in your browser. The Web Crypto API creates the key on your device and it never crosses the network. You never create an account, and reloading the page discards the key.

Generating…

Copied to clipboard

Entropy256 bits
EncodingHex
Length0 chars
SourceWeb Crypto
Key size

The key is produced by the browser's Web Crypto API as an AES-GCM key, then exported as raw bytes. Hex and Base64 encode the same bytes, so switching format does not change the key's strength.

How the encryption key generator works

Runs entirely in your browser

1

Choose the key size and format

Pick an AES-128, AES-192, or AES-256 key, or switch to a random secret for an API key or session token, and choose hex, Base64, or alphanumeric output.

2

Generate the key

Your browser's Web Crypto API creates the key and exports its raw bytes. The randomness underneath is your operating system's cryptographically secure generator.

3

Copy it into your secrets manager

Paste the key into an environment variable or a secrets manager. It never transits the network, so it cannot be intercepted in flight or logged by a server that generated it for you.

Private by design: nothing leaves your browser

Many online key generators build the key on their server and send it back over the wire. At that point the key has been outside your control, and you have no way to know whether it was logged. This one never makes a network request:

01

100% client-side

The key is generated on your device with the browser's Web Crypto API. No request is made when you click Generate.

02

Nothing stored or logged

No account, no analytics on what you generate, no history. Reload the page and the key is gone.

03

Open and verifiable

Keys come from the browser's Web Crypto API, the same standard, audited primitive the browser uses for real encryption. No custom-rolled cryptography, and never an ordinary, predictable random number function.

What the generator guarantees

  1. AES keys are produced by the Web Crypto key generator, not by hashing a passphrase or a timestamp.
  2. Random secrets draw from the browser's Web Crypto API, seeded by the operating system.
  3. Alphanumeric output uses rejection sampling, so no character in the set is more likely than another.
  4. Hex and Base64 are encodings of identical bytes, so the format you pick never weakens the key.

Built for developers and security-conscious teams

Developers and teams who need key material that no third party has ever held. It is the same principle behind BlockSurvey's zero-knowledge surveys keys live on the device, so the server has nothing worth stealing.

Developers

Create AES keys for at-rest encryption, JWT signing secrets, and API keys without pasting them into a stranger's server first.

Security & IT teams

Rotate service credentials and seed a secrets manager, with the key size and entropy documented on screen for your change ticket.

Privacy-conscious users

Generate a key for disk or backup encryption on a machine that is offline, using the secure password generator for the passphrase that protects it.

Building something that handles sensitive data?

BlockSurvey runs on zero-knowledge surveys, so the responses you collect are never sold or mined. Your respondents' answers are encrypted on their own devices, just as this key never leaves yours.

Frequently asked questions

Is this encryption key generator free?

Yes, completely free with no sign-up and no limit on how many keys you generate. There is no paid tier that unlocks a longer key.

Does the key get sent to a server?

No. The key is generated inside your browser and never leaves your device. The page makes no network request when you click Generate, and nothing is logged or stored. Open your browser's network tab while generating, or disconnect from the internet first, and you can confirm it yourself. If a server has ever held your key, you should treat that key as compromised.

How is the AES key generated? Which algorithm is used?

Keys are generated as AES-GCM keys by the browser's Web Crypto API and then exported as raw bytes. The underlying randomness is the operating system's cryptographically secure random number generator. No ordinary, predictable random number function is used, and no key material is derived from a password, a timestamp, or a counter.

Should I use AES-128 or AES-256?

Use AES-256 unless a specification forces a shorter key. AES-128 is not broken and is still considered secure against classical attacks, but AES-256 costs almost nothing extra in performance and leaves a wide margin, including against the quadratic speed-up a large quantum computer would offer against symmetric ciphers.

What is the difference between hex and Base64 output?

They are two encodings of the same key bytes, not two different keys. Hex uses two characters per byte, so a 256-bit key is 64 characters. Base64 packs three bytes into four characters, so the same key is 44 characters. Pick whichever format the library or config file you are pasting into expects.

Can I use the random secret for API keys and session tokens?

Yes. The token mode produces cryptographically random bytes, encoded as hex, Base64URL, or alphanumeric characters. Thirty-two bytes, which is 256 bits, is the standard size for an API key, a session token, or a signing secret. Base64URL is safe to place in a URL or a cookie without escaping.

Can I use this offline?

Yes. Load the page once, disconnect from the internet, and it keeps generating keys, because all of the work happens in your browser. This is also the simplest way to prove that no key is being transmitted.

Is this key strong enough to be a master encryption key?

Yes, if you store it safely. A 256-bit key drawn from the operating system's random number generator cannot be brute-forced with any foreseeable technology. From that point on the weak link is key storage, not key strength, so keep it in a secrets manager or an environment variable rather than in source control.
Scripts are blocked. This site won’t work properly. If you’re using Brave, click the Shields icon and turn off Block scripts. Otherwise disable your ad blocker for this site.