The Internet of Things (IoT) networks are finding massive applications in mission-critical contexts. A group key is needed to encrypt and authenticate broadcast/multicast messages commonly seen in large-scale wireless networks. In this paper, we propose DroneKey, a novel drone-aided PHY-based Group-Key Generation (GKG) scheme for large-scale IoT networks. In DroneKey, a drone is dispatched to fly along random 3D trajectories and keep broadcasting standard wireless signals to refresh the group keys in the whole network. Every IoT device receives the broadcast signals from which to extract the Channel State Information (CSI) stream which captures the dynamic variations of the individual wireless channel between the IoT device and the drone. DroneKey explores a deep-learning approach to extract the hidden correlation among the CSI streams to establish a common group key. We thoroughly evaluate DroneKey with a prototype in both indoor and outdoor environments. We show that DroneKey can achieve a high key-generation rate of 89.5 bit/sec for 10 devices in contrast to 40 bit/sec in the state-of-art prior work. In addition, DroneKey is much more scalable and can support 100 devices in contrast to 10 nodes in the state-of-art prior work with comparable key-generate rates.