Generate Key

Generates a cryptographically secure random key for use with encryption and hashing operations. The node produces high-quality random keys suitable for AES, 3DES, and other cryptographic algorithms.

Common Properties

Name - The custom name of the node.
Color - The custom color of the node.
Delay Before (sec) - Waits in seconds before executing the node.
Delay After (sec) - Waits in seconds after executing node.
Continue On Error - Automation will continue regardless of any error. The default value is false.

info

If the ContinueOnError property is true, no error is caught when the project is executed, even if a Catch node is used.

Inputs

This node does not require any inputs.

Options

Key Length - The length of the key to generate:
- 8 - 8-bit key (4 hex characters) - Not recommended for production
- 16 - 16-bit key (8 hex characters) - Not recommended for production
- 32 - 32-bit key (16 hex characters) - Minimum for testing
- 64 - 64-bit key (32 hex characters) - For legacy algorithms
- 128 - 128-bit key (64 hex characters) - Good for AES-128
- 256 - 256-bit key (128 hex characters) - Recommended for AES-256
- 512 - 512-bit key (256 hex characters) - For high-security applications
- 1024 - 1024-bit key (512 hex characters) - For specialized use cases

Output

key - The generated cryptographic key in hexadecimal format.

How It Works

The Generate Key node creates cryptographically secure random keys:

Receives the requested key length option
Calculates the byte size needed: 2^(option + 2) bits
Generates random bytes using crypto/rand (cryptographically secure random generator)
Encodes the random bytes as a hexadecimal string
Returns the key for use in encryption operations

The key generation uses the system's cryptographically secure random number generator, ensuring high-quality randomness suitable for security-critical operations.

Example Usage

Generate AES-256 Key

// Generate a strong 256-bit key for AES encryption
// Use Generate Key node with Key Length = 256
// Output: key = "a1b2c3d4e5f6...128 hex characters..."

// Store key securely in vault
// Use key for Encrypt Text or Encrypt File nodes

Generate and Store Multiple Keys

// Generate different keys for different purposes
// 1. Generate Key (256-bit) for file encryption
const fileEncryptionKey = "{{msg.key}}";

// 2. Generate Key (128-bit) for session tokens
const sessionKey = "{{msg.key}}";

// 3. Store each key in Robomotion Vault with descriptive names

Key Rotation Workflow

// Automated key rotation process
// 1. Generate new 256-bit key
const newKey = "{{msg.key}}";

// 2. Retrieve old key from vault
const oldKey = "{{vault.current_encryption_key}}";

// 3. Decrypt data with old key
// 4. Encrypt data with new key
// 5. Store new key in vault
// 6. Archive old key with timestamp

Initialize Encryption System

// Setup encryption for a new system
// 1. Generate master key (256-bit)
const masterKey = "{{msg.key}}";

// 2. Generate data encryption key (256-bit)
const dataKey = "{{msg.key}}";

// 3. Generate HMAC key (256-bit)
const hmacKey = "{{msg.key}}";

// 4. Store all keys in vault with proper labels

Dynamic Key Generation

// Generate key based on security requirements
const securityLevel = "high"; // or "medium", "low"

let keyLength;
if (securityLevel === "high") {
  keyLength = "256"; // 256-bit
} else if (securityLevel === "medium") {
  keyLength = "128"; // 128-bit
} else {
  keyLength = "64"; // 64-bit
}

// Use Generate Key node with dynamic keyLength

Requirements

No special requirements - node generates keys independently
Sufficient system entropy for random number generation
Secure storage solution (Vault) for generated keys

Error Handling

The node will return errors in rare cases:

Insufficient entropy - System random number generator cannot provide randomness
System error - Operating system error during random number generation

These errors are extremely rare in normal operation.

Security Best Practices

Use 256-bit keys - For maximum security, use 256-bit or higher
Never reuse keys - Generate unique keys for different purposes
Store securely - Always store generated keys in Robomotion Vault
Never log keys - Don't write keys to logs or console output
Rotate regularly - Generate new keys periodically for sensitive operations
Backup keys - Maintain secure backups of encryption keys
Access control - Limit who can access generated keys
Key derivation - For multiple related keys, consider key derivation functions

Key Length Recommendations

By Use Case

Testing/Development: 128-bit (64 hex characters)
General Encryption: 256-bit (128 hex characters)
High-Security Data: 512-bit (256 hex characters)
Compliance (FIPS): 256-bit minimum (128 hex characters)

By Algorithm

AES-128: 128-bit key (64 hex characters)
AES-256: 256-bit key (128 hex characters)
3DES: 192-bit key (96 hex characters) - use 128-bit or higher
HMAC: 256-bit or higher (128+ hex characters)

Security Considerations

Avoid 8/16/32-bit: Too weak for any security use
64-bit: Only for legacy compatibility
128-bit: Minimum for production use
256-bit: Recommended standard
512/1024-bit: For future-proofing or specialized applications

Common Use Cases

Initial Setup - Generate keys when setting up encryption for the first time
Key Rotation - Generate new keys as part of regular security maintenance
Per-User Keys - Generate unique encryption keys for each user
Session Keys - Generate temporary keys for session encryption
Data Segregation - Generate separate keys for different data categories
Compliance - Generate keys meeting specific compliance requirements
Testing - Generate test keys for development and QA environments

Tips for Effective Use

Generate keys with appropriate length for your security requirements
Store keys immediately in Vault after generation
Label keys descriptively (purpose, date, version)
Document which keys are used for which data
Never email or transmit keys over insecure channels
Consider generating multiple keys for defense in depth
Test encryption/decryption with generated keys before production use
Implement key lifecycle management (generation, storage, rotation, revocation)

Key Storage Best Practices

// Good practice: Generate and immediately store in vault
// 1. Use Generate Key node (256-bit)
const newKey = "{{msg.key}}";

// 2. Store in vault with metadata
// Vault entry: {
//   name: "file_encryption_key_2024",
//   value: newKey,
//   description: "AES-256 key for file encryption",
//   created: "2024-01-15",
//   rotation_date: "2025-01-15"
// }

// 3. Clear key from message after storing

Integration Examples

With Encrypt Text

// Generate key and encrypt data
// 1. Generate Key (256-bit)
const encKey = "{{msg.key}}";

// 2. Store key in vault
// 3. Use key with Encrypt Text node
// 4. Store cipher text in database

With HMAC Signature

// Generate HMAC signing key
// 1. Generate Key (256-bit)
const hmacKey = "{{msg.key}}";

// 2. Store in vault as secret
// 3. Use with HMAC Signature node for data authentication

With File Encryption

// Generate key for batch file encryption
// 1. Generate Key (256-bit)
const fileKey = "{{msg.key}}";

// 2. Store key with identifier
// 3. Encrypt multiple files with same key
// 4. Track which files use this key

Encrypt Text - Use generated keys for text encryption
Encrypt File - Use generated keys for file encryption
HMAC Signature - Use generated keys as secret for HMAC
Sign - For RSA, generate key pairs separately

Common Properties​

Inputs​

Options​

Output​

How It Works​

Example Usage​

Generate AES-256 Key​

Generate and Store Multiple Keys​

Key Rotation Workflow​

Initialize Encryption System​

Dynamic Key Generation​

Requirements​

Error Handling​

Security Best Practices​

Key Length Recommendations​

By Use Case​

By Algorithm​

Security Considerations​

Common Use Cases​

Tips for Effective Use​

Key Storage Best Practices​

Integration Examples​

With Encrypt Text​

With HMAC Signature​

With File Encryption​

Related Nodes​