The IV (initialisation vector) is relevant when you're encrypting multiple blocks using a single symmetric algorithm instance. Without an IV, if you encrypt two identical blocks using the same instance, in theory you would end up with two identical outputs. This introduces the possibility of the deciphered text & even the key being derivable.
When encrypting a block using one of the framework-provided symmetric encryption algorithms (derived from SymmetricAlgorithm), the previous block that was encrypted from that instance will become an input of the next block's encrypted output, creating a chain of blocks all dependent on their previous blocks. The IV in that case is used to seed the first block.
The IV parameter is mandatory and when you create an algorithm instance it'll generate one for you, so if you don't overwrite the value with your own IV then you'll want to record the generated one if your intention is to be able to decrypt the payload.
This paragraph explains the details:
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.symmetricalgorithm.iv?view=net-6.0#remarks
Edit: Sorry, just saw your second question. The reason why the key is 32 in length is because you're generating a random hash to use as your key (using the SHA256 hashing algorithm). SHA256 gives you a 256-bit hash value as a response, and 256 bits is 32 bytes.
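
An added example, not part of the original answer: it records the generated IV by prepending it to the ciphertext so the payload can be decrypted later, and shows that the same plaintext and key give different output under a fresh IV. It assumes .NET 6 top-level statements; the `Encrypt`/`Decrypt` helper names, the passphrase and the message are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample input; the passphrase and message are illustrative only.
byte[] key = SHA256.HashData(Encoding.UTF8.GetBytes("example passphrase"));
Console.WriteLine($"Key length: {key.Length} bytes"); // SHA-256 output is 256 bits

byte[] plaintext = Encoding.UTF8.GetBytes("same message, same key");

byte[] first = Encrypt(key, plaintext);
byte[] second = Encrypt(key, plaintext);

// Each call used a fresh IV, so identical plaintext yields different ciphertext.
Console.WriteLine($"Ciphertexts equal: {first.SequenceEqual(second)}");
Console.WriteLine($"Round trip: {Encoding.UTF8.GetString(Decrypt(key, first))}");

// Hypothetical helper: returns IV || ciphertext so the IV travels with the payload.
static byte[] Encrypt(byte[] key, byte[] plaintext)
{
    using Aes aes = Aes.Create();          // CBC mode and PKCS7 padding by default
    aes.Key = key;
    aes.GenerateIV();                      // fresh random IV for this message
    using ICryptoTransform enc = aes.CreateEncryptor();
    byte[] body = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    return aes.IV.Concat(body).ToArray();  // the IV is not secret, only unique
}

// Hypothetical helper: splits the stored IV off the front before decrypting.
static byte[] Decrypt(byte[] key, byte[] payload)
{
    using Aes aes = Aes.Create();
    aes.Key = key;
    int ivLength = aes.BlockSize / 8;      // 16 bytes for AES
    aes.IV = payload.Take(ivLength).ToArray();
    using ICryptoTransform dec = aes.CreateDecryptor();
    return dec.TransformFinalBlock(payload, ivLength, payload.Length - ivLength);
}
```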