SM2SM/GM encryption tool user guide
SM2is an elliptic-curve public-key cryptographic algorithm released by China’s State Cryptography Administration in 2010, and a key component of the national commercial cryptography standards (the SM/GM algorithms). SM2 became a national cryptographic industry standard (GB/T 32918) in 2016 and a national standard in 2018. This tool provides professional online SM2 encryption and decryption, supporting a fixed 256-bit key length, both C1C3C2/C1C2C3 ciphertext orderings, and HEX/PEM key formats — ideal for government systems, financial institutions, and other scenarios that require SM/GM compliance。
Key features
🇨🇳 SM/GM standard compliance
Fully compliant with the GB/T 32918 national standard, meeting SM/GM compliance requirements。
Input:
SM/GM algorithm testingPublic key:
256-bit HEX-format public keyCiphertext order:
C1C3C2(New standard)Output:
Base64-encoded ciphertextUse cases:
- Government system data encryption
- Information protection for financial institutions
- Enterprise SM/GM compliance applications
- E-government and e-commerce
🔐 Elliptic-curve encryption
Based on the elliptic-curve discrete logarithm problem, a 256-bit key provides 128-bit security strength。
- Key length: fixed 256 bits (32 bytes)
- Security strength:128 bits (equivalent to RSA-3072)
- Curve parameters: the SM2 recommended curve
- Key size: 65-byte public key, 32-byte private key
- Excellent performance: faster than RSA, with shorter keys
- Quantum resistance: comparable to RSA
🔄 Ciphertext ordering compatibility
Supports both C1C3C2 (new standard) and C1C2C3 (old standard) ciphertext orderings。
- C1C3C2:New SM/GM standard (recommended)
- C1C2C3:Old SM/GM standard (compatibility)
- C1:Elliptic-curve point (64 bytes)
- C2:Ciphertext data (same length as the plaintext)
- C3:SM3Digest value (32 bytes)
- The two orderings can be converted to each other
📝 Dual-Format Support
Supports both HEX and PEM key formats; HEX is SM2’s native format (default)。
- HEX format:16hexadecimal encoding, native format (recommended)
- PEM format:Base64Encode,Standard format
- Formats can be converted to each other
- Automatic key pair generation
- One-click copy of public/private key
- Supports manually importing existing keys
How to use
Select the ciphertext ordering and key format
Select the ciphertext ordering (the new C1C3C2 standard is recommended). The page automatically generates an SM2 key pair in HEX format; you can also switch to PEM format and regenerate
Enter the data to encrypt
Enter the content to encrypt in the text editor. For SM2, a single encryption should not exceed 32–64 bytes. To encrypt large files, use a hybrid encryption scheme
Run encryption or decryption
Click “Encrypt” to encrypt data with the public key, and click “Decrypt” to decrypt the ciphertext with the private key. The right side displays the processing result and statistics, which you can copy or export
SM2SM/GM algorithms explained
SM2is an elliptic-curve public-key cryptographic algorithm independently designed by China, comprising three parts: digital signature, key exchange, and public-key encryption. SM2 uses a 256-bit key length and offers security comparable to the international ECC P-256, but with different elliptic-curve parameters. SM2 is already widely used in China’s e-government, financial systems, e-commerce, and other fields, and is a core component of the SM/GM algorithm suite。
SM2 Algorithm principles
🔢 Elliptic-curve basics
Mathematical foundations:Elliptic-curve discrete logarithm problem
- Curve equation:y² = x³ + ax + b (mod p)
- SM2Recommended curve: specific a, b, and p parameters
- Base point G: the generator on the curve
- Private key d: a random integer (256-bit)
- Public keyP:P = d × G(Elliptic-curve point multiplication)
- Security is based on the ECDLP hard problem
🔐 Encryption process
- Generate a random numberk
- CalculateC1 = k × G(Elliptic-curve point)
- CalculateS = k × P(Shared secret point)
- Derive the encryption key using a KDF
- CalculateC2 = M ⊕ key (ciphertext data)
- CalculateC3 = SM3(S || M)(Summary)
- Output ciphertext:C1 || C3 || C2 or C1 || C2 || C3
SM2 Ciphertext structure explained
📦 Ciphertext components
C1 - Elliptic-curve point (64 bytes):
- Random pointk×G’s coordinates
- Contains the x and y coordinates, 32 bytes each
- Used by the recipient to compute the shared key
- Different for every encryption (randomk)
C2 - Ciphertext data (variable length):
- The result of XORing the plaintext with the key stream
- Same length as the plaintext
- The main encrypted data
C3 - SM3Summary(32 bytes):
- Uses the SM3 hash algorithm
- Ensures data integrity
- Prevents the ciphertext from being tampered with
🔄 Ciphertext ordering standards
C1C2C3(Old standard):
- The earliest version of the SM/GM standard
- C1 + C2 + C3 Arranged in order
- Still used by some legacy systems
- Choose this option when compatibility is required
C1C3C2(New standard,Recommended):
- Post-2016 SM (national cryptography) standard
- C1 + C3 + C2 Arranged in order
- Better aligns with cryptographic design principles
- Verify the digest before processing the data
- New systems should use this ordering
SM2 Technical features
🇨🇳 National standard
SM2is a Chinese national cryptography standard (GB/T 32918) and has been incorporated into the ISO/IEC international standards. It carries legal force in government, finance, and other critical fields, and is a mandatory algorithm for SM/GM compliance。
🔒 Safe & reliable
Rigorously evaluated by the State Cryptography Administration, the 256-bit key provides 128-bit security strength, comparable to the international ECC P-256, and resists all known cryptographic attacks。
⚡ Excellent performance
Built on elliptic curves, the SM2 algorithm needs only 1/12 the key length of RSA at the same security strength, with fast encryption and efficient key generation and verification。
🌐 Widely supported
Fully supported by mainstream domestic crypto libraries (GmSSL, Tongsuo, etc.), with mature implementations across many programming languages. Together with SM3 and SM4 it forms a complete SM/GM algorithm suite。
SM2 vs RSA vs ECC Compare
| Features | RSA-2048 | ECC P-256 | SM2-256 |
|---|---|---|---|
| Security strength | 112 bits | 128 bits | 128 bits |
| Key length | 2048 bits | 256 bits | 256 bits (fixed) |
| Public key size | 256 bytes | 65 bytes | 65 bytes |
| Private key size | 1192 bytes | 32 bytes | 32 bytes |
| Encryption speed | Slow | Fast | Fast |
| Standardized | PKCS#1、PKCS#8 | NIST FIPS 186 | GB/T 32918 |
| SM compliant | ❌ No | ❌ No | ✅ Yes |
| Recommended use cases | Internationally common | Modern applications | SM compliant |
SM2 Use cases
🏛️ Government systems
Data encryption and digital signing in government domains such as e-government, government information systems, and official document workflows
🏦 Financial industry
SM/GM-compliant applications across finance, including banking systems, securities trading, insurance, and payment systems
📱 Mobile payment
Encryption of sensitive information and transaction signing in mobile payment apps such as Alipay and WeChat Pay
🔐 Digital certificates
PKI infrastructure such as SM/GM SSL certificates, SM/GM CA systems, and enterprise digital certificates
🏢 Enterprise applications
Business applications requiring SM/GM compliance, such as enterprise information systems, OA systems, and ERP systems
🔒 Key exchange
Use SM2 for key agreement, combined with SM4 symmetric encryption for efficient hybrid encryption
✍️ Digital Signature
Identity authentication scenarios such as e-contract signing, software code signing, and document digital signatures
🌐 IoT
SM/GM security protection for IoT scenarios such as smart devices, industrial control systems, and smart cities
SM2Usage recommendations and best practices
When it is mandatorySM2
✅ Scenarios with mandatory SM/GM compliance
Under the Measures for the Administration of Commercial Cryptography Application Security Assessment, the following scenariosMandatorySM algorithms:
- Critical information infrastructure
- Government systems and e-government
- Core systems of financial institutions
- Critical industries such as telecom and energy
- Systems involving state secrets
- Systems that must pass a cryptography assessment
✅ Recommended use cases
- Systems deployed within China
- Systems that interface with government agencies and financial institutions
- Projects requiring domestic replacement of foreign technology
- Sensitive data protection
- High-security needs within an enterprise
- Products aimed at the domestic market
Recommendations for choosing the ciphertext ordering
🆕 C1C3C2(New standard,Recommended)
Benefits:
- Conforms to the post-2016 SM/GM standard
- Better aligns with cryptographic design principles
- Verify integrity before processing the data
- The standard choice for new systems
- Closer to international standards
Use cases:
- New system development(Strongly recommended)
- System upgrade and retrofit
- Standards-compliance projects
- Scenarios with no backward-compatibility burden
🔄 C1C2C3(Old standard, compatibility)
Features:
- Pre-2016 SM (national cryptography) standard
- Still used by some legacy systems
- Choose when backward compatibility is needed
- Functionally equivalent to the new standard
Use cases:
- Interoperating with legacy systems
- Decrypting historical data
- Requirements of specific vendor hardware
- Compatibility needs during the transition period
Key format selection recommendations
🔢 HEX Format(Recommended)
Benefits:
- SM2’s native format
- Concise format, easy to process
- SM/GM libraries commonly use this format
- Convenient for debugging and inspection
- Stable for cross-platform transmission
Use cases:
- Pure SM/GM systems (recommended)
- Developed with SM/GM libraries
- Internal system communication
- When you need to work directly with the key bytes
📝 PEMFormat
Benefits:
- Standard key exchange format
- Consistent with the RSA and ECC formats
- Facilitates certificate management
- Compatible with tools such as OpenSSL
Use cases:
- Hybrid cryptographic system
- Certificate management required
- Interoperating with international standards
- Using general-purpose crypto libraries
SM2 Used together with other algorithms
🔐 SM2 + SM4(Recommended)
Hybrid encryption scheme:
- Generate randomSM4Key(128 bits)
- Encrypt the actual data with the SM4 key
- Encrypt the SM4 key with the SM2 public key
- Transmit both the SM4 ciphertext and the SM2 ciphertext
- The recipient decrypts the SM4 key with the SM2 private key
- Decrypt the actual data with the SM4 key
Benefits:Combines the security of SM2 with the efficiency of SM4, fully SM/GM-compliant
✍️ SM2 + SM3
Digital signature scheme:
- Compute the data digest with SM3
- Sign the digest with the SM2 private key
- Verify the signature with the SM2 public key
- Ensures data integrity and source authenticity
Application:E-contracts, software signing, and identity authentication
Security Considerations
⚠️ Avoid Common Mistakes
- ❌ Mixing C1C3C2 and C1C2C3 orderings
- ❌ Encrypting large files directly with SM2
- ❌ Storing private keys in plaintext
- ❌ Uses non-standard elliptic-curve parameters
- ❌ Ignoring key format differences
- ❌ Using uncertified cryptography libraries
- ❌ Does not verify ciphertext integrity(C3)
✅ Recommended Practices
- ✅ Standardize on the new C1C3C2 standard
- ✅ Use hybrid encryption for large data
- ✅ Encrypt and restrict access to the private key
- ✅ Use SM/GM-certified cryptography products
- ✅ HEXformat for SM/GM systems
- ✅ Perform regular assessments and security audits
- ✅ Used together with SM3 and SM4
SM/GM migration guide
Assess compliance requirements
Confirm whether your system is critical information infrastructure and whether it must pass a cryptography assessment. Consult an assessment body certified by the State Cryptography Administration to learn the specific compliance requirements
Choose SM/GM products
Choose cryptographic modules, devices, or services certified by the State Cryptography Administration for commercial cryptography products. Common open-source libraries include GmSSL and Tongsuo
Implement algorithm replacement
Replace RSA with SM2, AES with SM4, and SHA with SM3. A dual-algorithm transition approach is recommended to migrate gradually
Key management overhaul
Establish a key management system compliant with SM/GM standards, covering the full lifecycle: key generation, storage, distribution, rotation, and destruction
Testing and assessment
Conduct thorough functional and performance testing. Apply for a commercial cryptography application security assessment; only after passing may the system go into production
Cross-language implementation reference
💻 Common Programming Languages
JavaScript/Node.js:
- sm-crypto(used by this tool) - browser-side
- node-sm-crypto - Node.js-side
Java:
- Bouncy Castle(SupportSM2)
- Vendors’ SM/GM Java libraries
Python:
- gmssl - PythonSM/GM library
- python-sm2
Go:
- github.com/tjfoc/gmsm - GoSM/GM library
C/C++:
- GmSSL - Open-source SM/GM toolkit
- Tongsuo(formerlyBabaSSL)
🔧 Command-Line Tools
GmSSL:
- Generate an SM2 key pair
- SM2Encryption & Decryption
- SM2Digital signature
- SM/GM certificate management
OpenSSL(SM/GM support):
- requires an SM/GM patch or the Tongsuo build
- SupportSM2/SM3/SM4
- SM (Chinese national cryptography)SSL/TLS
FAQ
❓ SM2What is the difference from ECC?
SM2and ECC are both elliptic-curve public-key cryptographic algorithms, butSM2Uses different curve parameters。SM2uses China’s independently designed recommended curve, whereas international ECC typically uses NIST curves (such as P-256). The two offer comparable security strength, butSM2is a Chinese national standard,In SM/GM compliance scenarios SM2 is mandatory and cannot be replaced by international ECC。
❓ When you must use itSM2?
Under the Measures for the Administration of Commercial Cryptography Application Security Assessment》,Critical information infrastructure, and important networks and information systemsmust be protected with commercial cryptography. These include government systems, financial institutions, telecom operators, energy enterprises, critical industrial control systems, and more. In these scenarios SM/GM algorithms such as SM2 are mandatory, and must passCryptography assessment (commercial cryptography application security assessment)。
❓ C1C3C2and C1C2C3: how to choose?
Strongly recommended for new systemsC1C3C2,This is the post-2016 SM/GM standard and better follows cryptographic design principles (verify integrity before processing data). Use C1C2C3 only when: 1) you need to interoperate with pre-2016 legacy systems; 2) the hardware supports only the old standard; 3) you are decrypting historical data. The two orderings can be converted to each other, butEncryption and decryption must use the same ordering。
❓ SM2What is the difference between the HEX and PEM formats?
HEXFormatis SM2’s native format, representing key bytes directly in hexadecimal — concise and efficient, and the common format for SM/GM libraries。PEMFormatis a standard key-exchange format, Base64-encoded with header and footer markers and consistent with the RSA and ECC formats. RecommendedFor use in pure SM/GM systemsHEX,Use when interoperating with international standards or managing certificatesPEM。
❓ How to pass the cryptography assessment?
Passing the assessment requires:1)Use commercial cryptography products certified by the State Cryptography Administration;2)Establish a robust key management system;3)Correctly implement SM/GM algorithms such as SM2/SM3/SM4;4)Draft a cryptography application plan and security policy;5)Engage a qualified assessment body to perform the evaluation. RecommendedFactor in assessment requirements as early as the system design phase,Avoids large-scale rework later。
Learning resources
📚 Technical Standards
- GB/T 32918.1-5 - SM2standard
- GB/T 32905 - SM3standard
- GB/T 32907 - SM4standard
- GM/T 0009 - SM2Cryptographic algorithm application specification
- 《Measures for the Administration of Commercial Cryptography Application Security Assessment》
🔧 Tool Documentation
- GmSSLDocumentation and tutorials
- sm-cryptoUser Guide
- Tongsuo(formerly BabaSSL) documentation
- State Cryptography Administration official website