I should caution anyone else that SHA256 hashing doesn't magically make things more secure, one must generate at least as much true randomness and entropy as a 256 bit number can hold, or your Bitcoin address will be weaker than one created by Bitcoin itself. If your bitcoin address is 16ga2uqnF1NqpAuQeeg7sTCAdtDUwDyJav, for example, it won't take a whole bunch of work for someone to find that you used a really stupid private key.

Also, SHA256 can create a value invalid as an ECDSA private key, "Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key."