diff --git a/src/borg/archiver/rcreate.py b/src/borg/archiver/rcreate.py
index c30fbc7b1..7fb0854c1 100644
--- a/src/borg/archiver/rcreate.py
+++ b/src/borg/archiver/rcreate.py
@@ -21,6 +21,8 @@ class RCreateMixIn:
         """Create a new, empty repository"""
         path = args.location.canonical_path()
         logger.info('Initializing repository at "%s"' % path)
+        if other_key is not None:
+            other_key.copy_ae_key = args.copy_ae_key
         try:
             key = key_creator(repository, args, other_key=other_key)
         except (EOFError, KeyboardInterrupt):
@@ -206,3 +208,9 @@ class RCreateMixIn:
             action="store_true",
             help="create the parent directories of the repository directory, if they are missing.",
         )
+        subparser.add_argument(
+            "--copy-ae-key",
+            dest="copy_ae_key",
+            action="store_true",
+            help="copy the authenticated encryption (AE) key from the key of the other repo (default: new random key).",
+        )
diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
index 9b64e71ce..8beb1401b 100644
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@@ -191,6 +191,7 @@ class KeyBase:
         self.compressor = Compressor("lz4")
         self.decompress = self.compressor.decompress
         self.tam_required = True
+        self.copy_ae_key = False
 
     def id_hash(self, data):
         """Return HMAC hash using the "id" HMAC key"""
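Review bot: `--copy-ae-key` given without an other-repo key is silently dropped, because the new assignment sits under `if other_key is not None:` and nothing reports the unused flag; a guard such as `if args.copy_ae_key and other_key is None:` that raises the error type rcreate.py already uses for invalid arguments would make the mistake visible instead of quietly creating a repo with a fresh random key. Passing the option by mutating the source repository's key object (`other_key.copy_ae_key = args.copy_ae_key`) also hides a per-invocation choice inside an object that represents persistent key material; handing it to `key_creator` as an explicit keyword argument would keep that state out of the key. The enclosing method starts before and continues after the hunk.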
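Review bot: The help text for `--copy-ae-key` does not tell the user what the option costs or when it applies: after it both repositories are protected by the same encryption and authentication keys, so a compromise of either repository's key exposes the data of both, and the flag only has an effect together with an other-repo key. Suggest `help="copy the authenticated encryption (AE) key from the key of the other repo, so both repos share one AE key and a compromise of either key exposes both (default: new random key; only used together with --other-repo)."` — the exact name of the companion option is not visible in this hunk, so adjust it to what the parser defines.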
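Review bot: `self.copy_ae_key = False` is an undocumented attribute on every key although it only matters when the key serves as the source for another repository's key creation, and next to `tam_required` it reads like part of the key's persistent state. A comment would prevent that misreading, e.g. `# transient rcreate option: when this key is the "other" key, reuse its enc_key/enc_hmac_key instead of fresh random ones`. Whether the attribute is kept out of key serialization is not visible here and is worth confirming.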
@@ -605,11 +606,17 @@ class FlexiKey:
                raise Error("Copying key material to an AES-CTR based mode is insecure and unsupported.")
            if not uses_same_id_hash(other_key, key):
                raise Error("You must keep the same ID hash (HMAC-SHA256 or BLAKE2b) or deduplication will break.")
+            if other_key.copy_ae_key:
+                # give the user the option to use the same authenticated encryption (AE) key
+                enc_key = other_key.enc_key
+                enc_hmac_key = other_key.enc_hmac_key
+            else:
+                # borg transfer re-encrypts all data anyway, thus we can default to a new, random AE key
+                data = os.urandom(64)
+                enc_key = data[0:32]
+                enc_hmac_key = data[32:64]
             key.init_from_given_data(
-                enc_key=other_key.enc_key,
-                enc_hmac_key=other_key.enc_hmac_key,
-                id_key=other_key.id_key,
-                chunk_seed=other_key.chunk_seed,
+                enc_key=enc_key, enc_hmac_key=enc_hmac_key, id_key=other_key.id_key, chunk_seed=other_key.chunk_seed
             )
             passphrase = other_key._passphrase
         else:
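Review bot: The branch on `other_key.copy_ae_key` makes the generated key depend on a mutable attribute the caller must have set on the source key beforehand rather than on an argument of this function, so the contract is invisible at the call site and hard to test; an explicit keyword parameter (`copy_ae_key=False` on the signature, which lies outside the hunk, and `if copy_ae_key:` here) would fix that. The comment on the copy branch should also state the consequence rather than only the option: the new repository then shares `enc_key`/`enc_hmac_key` with the other one, so a compromise of either repository's key material exposes both, e.g. `# both repos then share one AE key: compromise of either key exposes both`. The random branch reads cleanly; whether this file already has a helper for drawing fresh key material that `os.urandom(64)` duplicates is not visible from the hunk.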