With the growing use of underwater acoustic communications and the recent adoption of standards in this field, it is becoming increasingly important to secure messages against eavesdroppers. In this paper, we focus on a physical-layer security solution to generate sequences of random bits (keys) between two devices (Alice and Bob) belonging to an underwater acoustic network (UWAN); the key must remain secret to a passive eavesdropper (Eve) not belonging to the UWAN. Our method is based on measuring the propagation delay of the underwater acoustic channel over multiple hops of the UWAN: this harvests the randomness in the UWAN topology and turns the slow sound propagation in water into an advantage against eavesdropping. Our key generation protocol includes a route discovery handshake, whereby all UWAN devices at intermediate hops accumulate their message processing delays. This enables Alice and Bob to compute the actual propagation delays along each route and to map such information to a sequence of bits. Finally, from these bit sequences, Alice and Bob obtain a secret key. We analyze the performance of the protocol theoretically and assess it via extensive simulations and field experiments.