Generally you'd use a key generation algorithm to produce a key of the desired length. This could be a random array of bytes (use a crypto random number generator) or in your case where you want the users producing the password you would use a password generated key.
It's then up to you what spec...
[ more ]