I've read that the best practice for generating keys with encryption is to use the API provided by the platform.<p>What exactly happens under that API? How is the algorithm that does the encryption actually hidden?
The reason for using the API is not to "hide" the algorithm, but to prevent mistakes.<p>If you make a mistake in implementing or using an encryption algorithm, it may be easily broken. Encryption algorithms are relatively complex to implement, so it's safer to go with a tried-and-tested implementation in the form of an established API.<p>Good encryption algorithms are all designed with the expectation that the algorithm will be widely known. The security is provided in a different way, through the expectation that only one entity holds the key that unlocks the encrypted data and that the algorithm will prevent anyone who doesn't hold the key from being able to decrypt the data anyways.
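
Added example, not part of the original thread: a Python sketch of the kind of key-generation mistake the answer refers to, set beside the platform API. It uses HMAC-SHA256 as the publicly known algorithm because the Python standard library ships no cipher. The helper names, the one-hour seed window and the sample message are assumptions constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

KEY_BYTES = 32

def homemade_key(seed: int) -> bytes:
    """The mistake: a key derived from a guessable seed via a non-cryptographic PRNG."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))

def platform_key() -> bytes:
    """The platform API: 32 bytes straight from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def tag(key: bytes, message: bytes) -> bytes:
    """Public, well-known algorithm (HMAC-SHA256); only the key is secret."""
    return hmac.new(key, message, hashlib.sha256).digest()

def seed_explaining_tag(message: bytes, observed: bytes, window: range):
    """Audit check: return the seed in `window` whose key reproduces `observed`, else None."""
    for seed in window:
        if hmac.compare_digest(tag(homemade_key(seed), message), observed):
            return seed
    return None

# Constructed sample values (assumptions, not from the thread).
MESSAGE = b"constructed sample message"
WINDOW = range(1_700_000_000, 1_700_003_600)  # one hour of second-resolution timestamps
WEAK_SEED = 1_700_001_234                     # e.g. the time the key was created

def demo():
    """Return (result for the homemade key, result for the platform key)."""
    weak = tag(homemade_key(WEAK_SEED), MESSAGE)
    strong = tag(platform_key(), MESSAGE)
    return (seed_explaining_tag(MESSAGE, weak, WINDOW),
            seed_explaining_tag(MESSAGE, strong, WINDOW))

if __name__ == "__main__":
    print(demo())
```

Both keys are 32 bytes and both go through the same public algorithm; the homemade one is drawn from only 3,600 possibilities, so the audit finds it, while the platform key is not found.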