How to generate a strong one-time session key for AES in Python
I am using M2Crypto's AES for encrypting messages, but I am confused about how to generate a strong random session key and of what length. Does M2Crypto provide any function for generating a random key?
AES-128 has 128 bit key = 16 bytes.
random_key = os.urandom(16)
should be sufficient for most uses. When you feed this random value to M2 (or whatever crypto library), it is transformed internally into a "key schedule" actually used for encryption.
M2Crypto is notorious for lack of good documentation.
Here is what I could gather from their test cases:
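import os
from M2Crypto import EVP
enc = 1  # op value for encryption (0 selects decryption)
# Fresh 16-byte key and 16-byte IV from the OS CSPRNG for AES-128-CBC
k = EVP.Cipher(alg='aes_128_cbc', key=os.urandom(16), iv=os.urandom(16), op=enc)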
If you are encrypting to send to another party then you want to do something like Diffie Hellman or ECDH key exchange to establish a shared secret. If you just want to encrypt for storage, then you need a secure random number generator. I do not believe M2Crypto provides this?
It looks like M2Crypto does support Diffie Hellman.
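The two cases from the answers above, as an added example that is not part of the original posts and is not M2Crypto code: a random session key for storage, and a session key derived from a Diffie-Hellman/ECDH shared secret. It goes beyond the thread by covering AES-192/256 and by using HKDF-SHA256 (RFC 5869), which the thread does not mention; the function names and the `info` label are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# AES key sizes in bytes, keyed by the cipher names passed to EVP.Cipher(alg=...).
AES_KEY_BYTES = {"aes_128_cbc": 16, "aes_192_cbc": 24, "aes_256_cbc": 32}
AES_BLOCK_BYTES = 16  # a CBC IV is one AES block, whatever the key size


def _key_len(alg):
    if alg not in AES_KEY_BYTES:
        raise ValueError("unsupported cipher: %r" % (alg,))
    return AES_KEY_BYTES[alg]


def new_session_key(alg="aes_128_cbc"):
    """Storage case: fresh (key, iv) straight from the OS CSPRNG."""
    return os.urandom(_key_len(alg)), os.urandom(AES_BLOCK_BYTES)


def derive_session_key(shared_secret, alg="aes_128_cbc", salt=b"",
                       info=b"session-key-v1"):
    """Key-exchange case: HKDF-SHA256 (RFC 5869) over a DH/ECDH secret.

    A raw DH output is not uniformly distributed, so it goes through
    extract-then-expand rather than being truncated and used as the key.
    """
    if not shared_secret:
        raise ValueError("empty shared secret")
    length = _key_len(alg)
    # Extract: an absent salt defaults to HashLen (32) zero bytes.
    prk = hmac.new(salt or b"\x00" * 32, shared_secret, hashlib.sha256).digest()
    # Expand: T(n) = HMAC(PRK, T(n-1) || info || n), concatenated then cut.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


if __name__ == "__main__":
    key, iv = new_session_key("aes_256_cbc")
    print(len(key), len(iv))
    secret = bytes(range(32))  # constructed stand-in for a DH shared secret
    print(derive_session_key(secret).hex())
```

A key from `derive_session_key` still needs its own fresh random 16-byte IV for every message encrypted in CBC mode.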