Deriving a many-use key for symmetric data encryption
I need to generate a 256 bit key for AES symmetric encryption in .net. I have not found any description on how to do so "from scratch". By this I mean, I don't intend to base this key off of a user password. I simply want to produce a cryptographically secure key to use.
The best option, as far as I can tell, is simply to use the .net class RNGCryptoServiceProvider
Is this the best approach to generate cryptographically secure keys?
The "best approach" depends on your exact requirements.
If all you require is 32 random bytes, then RNGCryptoServiceProvider is fine. You have to make arrangements to ensure that the key is available at your destination, typically using RSA or some other asymmetric encryption method. If you need it for archive purposes, then you will need a way to securely store it. You also need to ensure that it is securely deleted after you no longer need it.
Alternatively you could use a Key Derivation Function, with the same considerations of transfer, storage and deletion applying to the KDF parameters.