Generate Encryption Keys in Go - crypto/rand & crypto/rsa
Complete code tutorial with examples and best practices
[ Code Example - Quick Summary ]
Language: Go
What: Generate AES and RSA encryption keys in Go using crypto/rand and crypto/rsa packages for secure encryption.
Try it: Use our interactive Encryption-keys generator or integrate this code into your Go application.
Generate AES and RSA encryption keys in Go using crypto/rand and crypto/rsa packages for secure encryption. Looking for other languages? Check our code examples in PHP , JavaScript , Python , Java , C# , C++ and Ruby or use our interactive web generator.
Go Code Example
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"encoding/pem"
"fmt"
"log"
)
func main() {
// AES-256 Key Generation
aes256Key := make([]byte, 32) // 256 bits
if _, err := rand.Read(aes256Key); err != nil {
log.Fatal(err)
}
aes256Hex := hex.EncodeToString(aes256Key)
aes256Base64 := base64.StdEncoding.EncodeToString(aes256Key)
fmt.Println("AES-256 Key (Hex):", aes256Hex)
fmt.Println("AES-256 Key (Base64):", aes256Base64)
// AES-128 Key
aes128Key := make([]byte, 16)
rand.Read(aes128Key)
fmt.Println("AES-128 Key (Hex):", hex.EncodeToString(aes128Key))
// RSA Key Pair Generation (2048-bit)
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Fatal(err)
}
// Export private key (PKCS8 format)
privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
if err != nil {
log.Fatal(err)
}
privateKeyPem := pem.EncodeToMemory(&pem.Block{
Type: "PRIVATE KEY",
Bytes: privateKeyBytes,
})
// Export public key
publicKeyBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
if err != nil {
log.Fatal(err)
}
publicKeyPem := pem.EncodeToMemory(&pem.Block{
Type: "PUBLIC KEY",
Bytes: publicKeyBytes,
})
fmt.Println("Private Key:\n", string(privateKeyPem))
fmt.Println("Public Key:\n", string(publicKeyPem))
}[EXPLANATION]
Go's crypto/rand package provides cryptographically secure random generation via rand.Read(), which fills a byte slice with random data from the OS's CSPRNG. For AES keys, create a 32-byte slice (AES-256) or 16-byte slice (AES-128) and populate with rand.Read(). Use hex.EncodeToString() or base64.StdEncoding.EncodeToString() for encoding. For RSA, rsa.GenerateKey(rand.Reader, bits) creates a private key with the specified bit length (2048 or 4096). x509.MarshalPKCS8PrivateKey() and x509.MarshalPKIXPublicKey() export keys to standard formats, which are then PEM-encoded with pem.EncodeToMemory() for storage.
Expected Output
AES-256 Key (Hex): c7e2f5a9d3b8e1c4f7a2d6b9e3c5f8a1d4b7e9c2f5a8d1b4e7f9c3a6d8e2f5a9 AES-256 Key (Base64): x+L1qdO44cT3otbbnjxfih1LeeLy9ajRtOfy pcjR5Lfzqdbo= AES-128 Key (Hex): f3a7d2e5c1b8f4a9d6c3e7b2f5a8c1d4 Private Key: -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDK... -----END PRIVATE KEY----- Public Key: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyv... -----END PUBLIC KEY-----
Common Use Cases
- Encrypt data in microservices architectures
- Secure configuration management
- TLS certificate generation for HTTPS
- Encrypt sensitive logs
- Cloud-native encryption (AWS KMS, GCP KMS)
Important Notes
-
crypto/rand.Readeruses OS-specific CSPRNG -
Always check errors from
rand.Read() -
For encrypted private keys, use
x509.EncryptPEMBlock() - Store keys in environment variables or secrets managers
- Go's crypto packages follow FIPS 140-2 standards
Try Our Interactive Generator
Don't want to write code? Use our free web-based Encryption-keys generator with instant results.
TRY ENCRYPTION-KEYS GENERATOR →Other Programming Languages
View Encryption-keys generation code examples in PHP
View Encryption-keys generation code examples in JavaScript
View Encryption-keys generation code examples in Python
View Encryption-keys generation code examples in Java
View Encryption-keys generation code examples in C#
View Encryption-keys generation code examples in C++
View Encryption-keys generation code examples in Ruby