diff --git a/r5dev/engine/net.cpp b/r5dev/engine/net.cpp
index a7fda782..e6ca6371 100644
--- a/r5dev/engine/net.cpp
+++ b/r5dev/engine/net.cpp
@@ -82,7 +82,10 @@ void NET_SetKey(const string& svNetKey)
 void NET_GenerateKey()
 {
 	if (!net_useRandomKey->GetBool())
+	{
 		net_useRandomKey->SetValue(1);
+		return; // Change callback will handle this.
+	}
 
 	BCRYPT_ALG_HANDLE hAlgorithm;
 	if (BCryptOpenAlgorithmProvider(&hAlgorithm, L"RNG", 0, 0) < 0)
@@ -289,6 +292,6 @@ void NET_Detach()
 }
 
 ///////////////////////////////////////////////////////////////////////////////
-string g_svNetKey = "WDNWLmJYQ2ZlM0VoTid3Yg==";
+string g_svNetKey = DEFAULT_NET_ENCRYPTION_KEY;
 uintptr_t g_pNetKey = NULL;
 #endif // !NETCONSOLE
diff --git a/r5dev/engine/net.h b/r5dev/engine/net.h
index cadbf175..fb344ac6 100644
--- a/r5dev/engine/net.h
+++ b/r5dev/engine/net.h
@@ -13,7 +13,8 @@
 #define NETMSG_LENGTH_BITS	12	// 512 bytes (11 in Valve Source, 256 bytes).
 #define NET_MIN_MESSAGE 5 // Even connectionless packets require int32 value (-1) + 1 byte content
 
-#define AES_128_KEY_SIZE 16
+constexpr unsigned int AES_128_KEY_SIZE = 16;
+constexpr const char* DEFAULT_NET_ENCRYPTION_KEY = "WDNWLmJYQ2ZlM0VoTid3Yg==";
 
 /* ==== CNETCHAN ======================================================================================================================================================== */
 inline CMemory p_NET_Init;
diff --git a/r5dev/vstdlib/callback.cpp b/r5dev/vstdlib/callback.cpp
index 2766d7fe..552a7ebd 100644
--- a/r5dev/vstdlib/callback.cpp
+++ b/r5dev/vstdlib/callback.cpp
@@ -759,6 +759,28 @@ void NET_GenerateKey_f(const CCommand& args)
 {
 	NET_GenerateKey();
 }
+
+/*
+=====================
+NET_UseRandomKeyChanged_f
+
+  Use random AES encryption
+  key for game packets
+=====================
+*/
+void NET_UseRandomKeyChanged_f(IConVar* pConVar, const char* pOldString, float flOldValue)
+{
+	if (ConVar* pConVarRef = g_pCVar->FindVar(pConVar->GetName()))
+	{
+		if (strcmp(pOldString, pConVarRef->GetString()) == NULL)
+			return; // Same value.
+
+		if (pConVarRef->GetBool())
+			NET_GenerateKey();
+		else
+			NET_SetKey(DEFAULT_NET_ENCRYPTION_KEY);
+	}
+}
 #ifndef DEDICATED
 /*
 =====================
diff --git a/r5dev/vstdlib/callback.h b/r5dev/vstdlib/callback.h
index 643d62a3..9a534970 100644
--- a/r5dev/vstdlib/callback.h
+++ b/r5dev/vstdlib/callback.h
@@ -35,6 +35,7 @@ void VPK_Unpack_f(const CCommand& args);
 void VPK_Mount_f(const CCommand& args);
 void NET_SetKey_f(const CCommand& args);
 void NET_GenerateKey_f(const CCommand& args);
+void NET_UseRandomKeyChanged_f(IConVar* pConVar, const char* pOldString, float flOldValue);
 #ifndef DEDICATED
 void RCON_CmdQuery_f(const CCommand& args);
 void RCON_Disconnect_f(const CCommand& args);