Cryptographic keys may be generated in one of three ways:
==Randomly==
Using a pseudorandom number generator (PRNG) and, when needed, a key-generation algorithm.
==From a password==
Using a key derivation function (KDF), which transforms the user-supplied password into a key.
==Through a key agreement protocol==
A series of message exchanges between two or more parties that ends with the establishment of a shared key.
Symmetric Keys
Symmetric keys are secret keys shared by two parties, and they are the simplest to generate.
They are usually the same length as the security level they provide: ==a 128-bit key provides 128-bit security==, and any of the 2^128 possible keys is a valid one that can do the job as well as any other key.
To generate a symmetric key of n bits using a cryptographic PRNG, you simply ask it for n pseudorandom bits and use those bits as the key.
Asymmetric Keys
Asymmetric keys aren’t just raw bit sequences; instead, they represent a specific type of object, such as a large number with specific properties (in RSA, a product of two primes).
To generate an asymmetric key, ==you send pseudorandom bits as a seed to a key-generation algorithm==. This key-generation algorithm takes as input a seed value that’s at least as long as the intended security level and then constructs from it a private key and its respective public key, ensuring that both satisfy all the necessary criteria.