SM3National SM hash computation
Import text
Import file
Result

SM3National SM hash tool user guide

SM3is a cryptographic hash algorithm released by China’s State Cryptography Administration in 2010 and an important part of China’s commercial cryptography (SM) standards. SM3 became the national cryptographic industry standard (GB/T 32905) in 2016 and was approved as a national standard by the Standardization Administration of China in 2018. This tool provides a professional online SM3 hash calculation service, producing a fixed 256-bit (64 hexadecimal characters) hash value, supporting text and file processing, and suited to government systems, financial institutions, and other scenarios that require SM compliance。

Key features

🇨🇳 SM/GM standard compliance

Fully compliant with the GB/T 32905 national standard and meets SM compliance requirements。

SM3-256Example:
Input: Hello World
Hex:44f0061e69fa6fdfc290c494654a05dc0c053da7e5c52b84ef93a9d67d3fff88
Base64:RPAGHmn6b9/CkMSUZUoF3AwFPaflxSuE75Op1n0//4g=

Use cases:
  • Data integrity verification for government systems
  • Transaction data digests for financial institutions
  • Enterprise SM/GM compliance applications
  • Digital signature message digest
  • Password storage hash value
  • File integrity verification

🔐 256-bit fixed output

produces a fixed 256-bit (32-byte) hash value, with security comparable to SHA-256。

  • Output length: 256 bits(32 bytes)
  • Hex:64characters
  • Base64Encode:44characters
  • Security strength:128 bits
  • Strong collision resistance
  • Meets cryptographic assessment requirements

📁 File processing support

Supports SM3 hashing of text and any file, making batch processing easy。

  • Text file import (TXT, JSON, CSS, JS, …)
  • Any file import (images, documents, videos, etc.))
  • Export results
  • File information display
  • Preserves encoding
  • Large file support (up to100MB)

⚡ High-performance computation

Uses an optimized algorithm to support fast SM3 computation on large files with real-time progress feedback。

  • Process large files in chunks
  • Real-time progress display
  • Memory-optimized algorithm
  • Multi-format output(Hex/Base64)
  • Batch file processing
  • Result comparison

How to use

1

Input data

Enter the text to process in the editor on the left, or click"Import text file"Loading document content, click"Import file"Load any file (images, videos, programs, etc.)

2

Run calculation

Click"Calculate"button, and the system will compute the SM3 hash of the text or file content. After a file is imported, its information and processing options are shown automatically

3

View results

The SM3 hash result is shown on the right in three formats — lowercase, uppercase, and Base64 — each with its own copy button. Error messages appear at the bottom. One-click copy is supported

SM3SM/GM algorithms explained

SM3is a cryptographic hash algorithm developed by China’s State Cryptography Administration and a key part of the national commercial cryptography (SM) algorithm family. SM3 was released in 2010, became the national cryptographic industry standard (GB/T 32905) in 2016, and was approved as a national standard by the Standardization Administration of China in 2018. SM3’s design draws on SHA-256 but uses different round functions, message expansion, and compression functions, producing a fixed 256-bit (32-byte) hash value. SM3 is widely used across China’s e-government, financial systems, and e-commerce, and is a core component of the national cryptographic algorithm system。

SM3 Algorithm principles

🔢 Technical specifications

Key characteristics:

  • Output length: 256 bits(32 bytes)
  • Hex:64characters
  • Base64:44characters
  • Block size:512 bits(64bytes)
  • Compression function:64rounds of iteration
  • Security strength:128 bits
  • Collision-resistant:2^128operations

🔐 Algorithm workflow

Calculation steps:

  1. Message padding(Padding)
  2. Message blocking (512 bits per block)
  3. Message expansion (132 words)
  4. Compression function (64 rounds of iteration)
  5. Output256 bitsHash value

Features:One-way, collision-resistant, avalanche effect

SM3 Technical features

🇨🇳 National standard

SM3is a Chinese national cryptographic standard (GB/T 32905) that has been incorporated into ISO/IEC international standards. It carries legal effect in critical fields such as government and finance and is the mandatory algorithm for SM compliance。

🔒 Safe & reliable

Rigorously evaluated by the State Cryptography Administration, its security is comparable to the international SHA-256 and can withstand known cryptographic attacks, including collision and preimage attacks。

⚡ Excellent performance

SM3Using a 64-round compression function, it maintains security while delivering performance comparable to SHA-256, making it suitable for large-scale data processing and real-time applications。

🌐 Widely supported

Fully supported by mainstream domestic cryptographic libraries (GmSSL, Tongsuo, etc.), with mature implementations across many programming languages. Together with SM2 and SM4 it forms a complete national cryptographic algorithm system。

SM3 vs SHA-256 vs MD5 Compare

Features SM3 SHA-256 MD5
Output length 256 bits(32 bytes) 256 bits(32 bytes) 128 bits(16bytes)
Block size 512 bits 512 bits 512 bits
Number of compression rounds 64rounds 64rounds 64rounds
Security strength 128 bits 128 bits 64digits
Collision-resistant 2^128 2^128 Broken
Performance Fast Fast Fast
Standardized GB/T 32905(National standard) FIPS 180-4(United States) RFC 1321
SM compliant ✅ Yes ❌ No ❌ No
Security status Security Security Insecure (deprecated)
Recommended use cases SM compliant Internationally common Compatibility only

SM3 Use cases

🏛️ Government systems

Data integrity verification in government domains such as e-government, government information systems, and official document workflows

🏦 Financial industry

Transaction digests in financial domains such as banking systems, securities trading, insurance, and payment systems

📱 Mobile payment

Data integrity verification in mobile payment apps such as Alipay and WeChat Pay

✍️ Digital Signature

Used with SM2 for electronic contract signing, software code signing, and document digital signatures

🏢 Enterprise applications

Business applications requiring SM/GM compliance, such as enterprise information systems, OA systems, and ERP systems

📁 File verification

Verify that files remain intact during transmission or storage, ensuring data integrity

🔐 Password storage

Securely store the hash of user passwords, combined with a salt for stronger security

🌐 IoT

Data integrity protection for IoT scenarios such as smart devices, industrial control systems, and smart cities

SM3Usage recommendations and best practices

When it is mandatorySM3

✅ Scenarios with mandatory SM/GM compliance

Under the Measures for the Administration of Commercial Cryptography Application Security Assessment, the following scenariosMandatorySM algorithms:

  • Critical information infrastructure
  • Government systems and e-government
  • Core systems of financial institutions
  • Critical industries such as telecom and energy
  • Systems involving state secrets
  • Systems that must pass a cryptography assessment

✅ Recommended use cases

  • Systems deployed within China
  • Systems that interface with government agencies and financial institutions
  • Projects requiring domestic replacement of foreign technology
  • Data integrity verification
  • Secure password storage
  • Digital signature message digest (withSM2)
  • Products aimed at the domestic market

SM3 Used together with other hash algorithms

🔐 SM3 + SM2(Recommended)

Digital signature scheme:

  1. Compute the message digest with SM3
  2. Sign the digest with the SM2 private key
  3. Verify the signature with the SM2 public key
  4. Ensures data integrity and source authenticity

Application:E-contracts, software signing, and identity authentication

🔒 SM3 + Salt

Password storage scheme:

  • Generate a random salt(Salt)
  • Combine the password with the salt
  • Compute the hash value with SM3
  • Store the salt and the hash value
  • Recompute for verification at login

Benefits:Resist rainbow table attacks and improve password security

SM3 vs SHA-256 Selection guide

🇨🇳 Select SM3

  • Requires SM compliance (mandatory)
  • Government systems and financial institutions
  • Critical information infrastructure
  • Must pass a cryptographic assessment
  • Domestic replacement projects
  • Systems deployed within mainland China
  • Used with SM2 and SM4

🌐 Select SHA-256

  • International standard applications
  • Cross-border business systems
  • Scenarios without compliance requirements
  • International open-source projects
  • Interoperating with international standards
  • Blockchain applications
  • General web applications

Security Considerations

⚠️ Avoid Common Mistakes

  • ❌ Storing plaintext passwords directly
  • ❌ Not using a salt(Salt)
  • ❌ Using a fixed salt
  • ❌ computing the hash only once (in password storage scenarios)
  • ❌ Mixing SM3 withSHA-256
  • ❌ Using uncertified cryptography libraries
  • ❌ Ignoring assessment requirements

✅ Recommended Practices

  • ✅ Password storage must use a salt
  • ✅ Use a different random salt for each user
  • ✅ Consider using a slow hash(PBKDF2-SM3)
  • ✅ Standardize on the national SM algorithm system
  • ✅ Use SM/GM-certified cryptography products
  • ✅ Perform regular assessments and security audits
  • ✅ Used together with SM2 and SM4

SM/GM migration guide

1

Assess compliance requirements

Confirm whether your system is critical information infrastructure and whether it must pass a cryptography assessment. Consult an assessment body certified by the State Cryptography Administration to learn the specific compliance requirements

2

Choose SM/GM products

Choose cryptographic modules, devices, or services certified by the State Cryptography Administration for commercial cryptography products. Common open-source libraries include GmSSL and Tongsuo

3

Implement algorithm replacement

Replace SHA-256 with SM3, RSA with SM2, and AES with SM4. A dual-algorithm transition approach is recommended to complete the migration gradually

4

Data migration

For existing SHA-256 hash data, plan a migration strategy. A dual-storage approach can be used — SM3 for new data while legacy data is migrated gradually

5

Testing and assessment

Conduct thorough functional and performance testing. Apply for a commercial cryptography application security assessment; only after passing may the system go into production

Cross-language implementation reference

💻 Common Programming Languages

JavaScript/Node.js:

  • sm-crypto(used by this tool) - browser-side
  • node-sm-crypto - Node.js-side

Java:

  • Bouncy Castle(SupportSM3)
  • Vendors’ SM/GM Java libraries

Python:

  • gmssl - PythonSM/GM library
  • python-sm3

Go:

  • github.com/tjfoc/gmsm - GoSM/GM library

C/C++:

  • GmSSL - Open-source SM/GM toolkit
  • Tongsuo(formerlyBabaSSL)

🔧 Command-Line Tools

GmSSL:

  • SM3Hash calculation
  • File integrity checking
  • Batch file processing

Example command:

  • gmssl sm3 file.txt
  • echo "Hello" | gmssl sm3

FAQ

❓ SM3What are the differences from SHA-256?

SM3and SHA-256 are both hash algorithms with 256-bit output,Comparable security strength。The main differences are:1) SM3is a Chinese national standard (GB/T 32905), whereas SHA-256 is a U.S. standard(FIPS 180-4);2) SM3Uses different round functions and message expansion;3) InMandatory in SM compliance scenariosSM3,cannot be replaced by SHA-256. Performance is comparable, but SM3 may be faster in environments with SM hardware acceleration。

❓ When you must use itSM3?

Under the Measures for the Administration of Commercial Cryptography Application Security Assessment》,Critical information infrastructure, and important networks and information systemsmust be protected with commercial cryptography. These include government systems, financial institutions, telecom carriers, energy enterprises, and critical industrial control systems. In these scenarios you must use SM algorithms such as SM3 and passCryptography assessment (commercial cryptography application security assessment)

❓ SM3Can it be used for password storage?

Yes, but adding a salt is recommended。Storing passwords with SM3 directly is not secure enough and is vulnerable to rainbow table attacks。Recommended practice:1) generate a random salt for each user; 2) combine the password with the salt and compute SM3; 3) store the salt and the hash value。A better approachis to use PBKDF2-SM3 or another slow hashing algorithm, increasing cracking difficulty through many iterations。

❓ SM3How does it compare to MD5?

SM3Far more secure than MD5。MD5has been proven to have serious collision vulnerabilities,should no longer be used in any security-sensitive scenario。SM3produces 256-bit output (MD5 only 128-bit), with 128-bit security strength (MD5 only 64-bit) and collision resistance of2^128(MD5has been broken). If your system still usesMD5,Migration to SM3 is strongly recommended, orSHA-256

❓ How to pass the cryptography assessment?

Passing the assessment requires:1)Use commercial cryptography products certified by the State Cryptography Administration;2)Establish a robust key management system;3)Correctly implement SM/GM algorithms such as SM2/SM3/SM4;4)Draft a cryptography application plan and security policy;5)Engage a qualified assessment body to perform the evaluation. RecommendedFactor in assessment requirements as early as the system design phase,Avoids large-scale rework later。

Learning resources

📚 Technical Standards

  • GB/T 32905 - SM3standard
  • GB/T 32918 - SM2standard
  • GB/T 32907 - SM4standard
  • GM/T 0004 - SM3Cryptographic hash algorithm
  • 《Measures for the Administration of Commercial Cryptography Application Security Assessment》

🔧 Tool Documentation

  • GmSSLDocumentation and tutorials
  • sm-cryptoUser Guide
  • Tongsuo(formerly BabaSSL) documentation
  • State Cryptography Administration official website