crypt.generatekey

Generates a cryptographically random AES-256 key and returns it as a Base64-encoded string. Internally calls the CSPRNGCSPRNGCryptographically Secure Pseudo-Random Number Generator. Produces output indistinguishable from true randomness. OS implementations: BCryptGenRandom (Windows), getrandom (Linux), /dev/urandom (Unix). (BCryptGenRandom on Windows) to produce 32 random bytes (256 bits), then Base64-encodes the result:

uint8_t key[32];
BCryptGenRandom(NULL, key, 32, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
return base64_encode(key, 32);  // 44 chars with padding

The output is always 44 characters (32 bytes → 44 Base64Base64A binary-to-text encoding that represents binary data as ASCII characters. Every 3 bytes become 4 characters from the alphabet A-Z, a-z, 0-9, +, /. Padding with = if input length isn't divisible by 3. chars with = padding). Pass this directly to crypt.encrypt/crypt.decrypt as the key parameter.