SM4SM/GM online encryption and decryption
Format:
Plaintext encoding:
Ciphertext encoding:
Result

SM4SM/GM encryption tool user guide

SM4is a symmetric block cipher algorithm developed by the Chinese State Cryptography Administration and a key component of China’s national cryptographic standards (Chinese Commercial Cryptography). This tool provides professional online SM4 encryption and decryption, supporting both CBC and ECB modes, with smart key generation, multiple encoding formats, and file import/export. It delivers standards-compliant encryption solutions for government, financial, and enterprise systems.。

Key features

🇨🇳 SM/GM standard compliance

Fully compliant with the SM4 Block Cipher Algorithm national standard (GB/T 32907-2016), suitable for all kinds of cryptography-compliance scenarios.。

CBCMode example:
Input: SM/GM algorithm testing
Key:1234567890abcdef (16 bytes)
IV:fedcba0987654321 (16 bytes)
Output: Base64-encoded ciphertext

Use cases:Cryptography-compliant encryption for government systems, financial institutions, and enterprise applications.

🔑 128-bit Fixed Key

SM4The algorithm uses a fixed key length of 128 bits (16 bytes), offering security comparable to AES-128.。

  • Key length: fixed 16 bytes (128 bits)
  • Block length: fixed at 16 bytes (128 bits)
  • Supports three key formats: Text, HEX, and Base64.
  • Random key generator
  • Real-time key format validation
  • Automatic IV generation

🔐 Dual-mode encryption

Supports both CBC and ECB modes; CBC offers higher security and is recommended.。

  • CBCMode:RequiredIV,High security(Recommended)
  • ECBmode: no IV required, simple to implement.
  • Pkcs7Padding: automatic data alignment.
  • Multiple encoding support
  • Cross-platform compatibility

📁 File processing support

Supports import and export of text files for easy batch processing and data management.

  • Supports importing multiple text formats
  • One-click export of encryption results
  • UTF-8 support
  • Large file handling
  • Batch text encryption

How to use

1

Select a mode and enter your data

Select an SM4 encryption mode (CBC is recommended) and enter the text to encrypt in the editor, or click"Import text file"Load document content

2

Set the encryption key and IV

Enter a 16-byte SM4 key in the key field, or click"Generate key"generate it automatically. CBC mode requires a 16-byte IV (initialization vector)

3

Run encryption or decryption

Click"Encrypt"to convert the text into SM4 ciphertext; click"Decrypt"Restores ciphertext to plaintext. The result and detailed statistics are shown on the right, where you can copy or export them

SM4SM/GM algorithms explained

SM4is a block cipher algorithm published by the Chinese State Cryptography Administration in 2012. It became a national cryptographic industry standard (GB/T 32907-2016) in 2016 and an international standard (ISO/IEC 18033-3:2010/Amd 1:2021) in 2021. SM4 uses a key length and block length of 128 bits (16 bytes), employs a 32-round non-linear iterative structure, and offers security comparable to AES-128. It is one of the core algorithms in China’s commercial cryptography system.。

SM4 Technical features

🇨🇳 National standard

Compliant with the GB/T 32907-2016 national standard and incorporated into ISO/IEC international standards. It is a legally binding commercial cryptographic algorithm mandated for use in China’s government, finance, and other sectors.

🔒 Safe & reliable

Rigorously evaluated by the State Cryptography Administration, it uses a 32-round Feistel structure to resist differential attacks, linear attacks, and other cryptanalytic methods, offering security on par with leading international algorithms.

⚡ Excellent performance

The algorithm is compact and efficient, with hardware acceleration support. It performs well across CPUs, embedded devices, smart cards, and other platforms, making it well suited to resource-constrained environments.

🌐 Widely supported

Major Chinese cryptographic libraries such as GmSSL and Tongsuo all support SM4. Mature implementations exist across programming languages, with strong cross-platform compatibility.

SM4 Modes of operation explained

CBC (Cipher Block Chaining) - Recommended

Features: each plaintext block is XORed with the previous ciphertext block before encryption

Benefits:The most common mode, highly secure, identical plaintext produces different ciphertext

Requirements:Requires a 16-byte initialization vector (IV); the IV must be random and unpredictable.

Padding:Uses PKCS7 padding (fixed implementation of the sm-crypto library)

Use cases:File encryption, database field encryption, general data encryption, and government systems.

ECB (Electronic Code Book) - Use with caution

Features: the simplest mode, each block is encrypted independently

Benefits:Simple to implement, supports parallel processing, and does not requireIV

Drawbacks:Lower security, identical plaintext produces identical ciphertext,Cannot hide data patterns

Padding:Uses PKCS7 padding (fixed implementation of the sm-crypto library)

Use cases:Random data encryption and scenarios with low security requirements.

SM4 Comparison with AES

Similarities

  • Both are block cipher algorithms.
  • The block length is 128 bits in both cases.
  • Comparable levels of security.(SM4 ≈ AES-128)
  • Supports multiple encryption modes (CBC, ECB, etc.)
  • Both have been validated by international cryptography experts.

Differences

  • Key length:SM4Fixed at 128 bits, whereas AES supports 128/192/256 bits.
  • Number of encryption rounds:SM4Fixed at 32 rounds, whereas AES uses 10/12/14 rounds.
  • Algorithm structure:SM4uses a Feistel structure, whereas AES uses an SPN structure.
  • Standardization:SM4is a Chinese standard, whereas AES is a US/international standard.
  • Scope of application:SM4Primarily used in China, whereas AES is used worldwide.

SM4 Use cases

🏛️ Government systems

Data encryption for e-government, government information systems, document workflow systems, and other public-sector applications, in compliance with national cryptography requirements.

🏦 Financial industry

Cryptography-compliant encryption for the financial sector, including banking systems, payment systems, securities trading, and financial data transmission.

📱 Mobile payment

Encryption protection for sensitive information in mobile payment apps such as Alipay and WeChat Pay.

🏢 Enterprise applications

Business applications requiring SM/GM compliance, such as enterprise information systems, OA systems, and ERP systems

🔐 Database encryption

Encryption of sensitive database fields such as user privacy, identity information, and financial data.

📡 Communication encryption

Data transmission encryption for communication applications such as instant messaging, video conferencing, and VPNs.

📄 File encryption

Encrypted storage of government files, corporate documents, and personal private files.

🌐 IoT

Data encryption for IoT scenarios such as smart devices, industrial control systems, and smart cities.

SM4Encryption best practices

Cryptography compliance requirements

📋 Use cases

Under the Administrative Measures for Commercial Cryptography Application Security Assessment, critical information infrastructure and important networks and information systems must be protected with commercial cryptography, including in government, finance, telecommunications, and energy.

🔐 Key Management

Keys should be generated and managed by a key management system that meets national standards, and simple passwords must not be used. Keys should be rotated regularly, typically every 6 to 12 months.

🏛️ Testing and certification

SM4 implementations used in critical sectors should be certified by the State Cryptography Administration and rely on cryptographic modules or services certified as commercial cryptography products.

📚 Standards compliance

Strictly follows national standards such as GB/T 32907-2016 (Information Security Technology — SM4 Block Cipher Algorithm) to ensure a correct and secure implementation.

Key and IV usage guidelines

✅ Key usage guidelines

  • The key must be 16 bytes of randomly generated data.
  • Do not use simple strings or predictable keys.
  • Use a cryptographically secure random number generator (CSPRNG)
  • Keys should be stored securely and never hard-coded.
  • Rotate keys regularly (every 6 to 12 months recommended)
  • Keys should be transmitted over a secure channel (such as SM2 encryption)

✅ IVUsage guidelines

  • IVIt must be 16 bytes long.
  • Use a new random IV for each encryption
  • The IV can be public but must not be reusedUsage
  • IVStore or transmit it together with the ciphertext.
  • ECBModeNo IV required
  • CBC modes must use IV

Cross-language compatibility

Common SM4 implementation libraries

JavaScript:

  • sm-crypto(used by this tool) — a lightweight Chinese cryptography library.
  • gmssl - A complete Chinese cryptography algorithm suite.

Java:

  • Bouncy Castle - BC Provider
  • Chinese cryptography Java libraries — provided by various vendors.

Python:

  • gmssl - PythonSM/GM library
  • pycryptodome - SupportSM4

Go:

  • github.com/tjfoc/gmsm - GoSM/GM library

Compatibility notes

  • Make sure the same encryption mode is used.(CBC/ECB)
  • The padding scheme must be consistent.(Pkcs7)
  • The encoding formats of the key and IV must be consistent.
  • Be aware of differences in default parameters across libraries.
  • Verify with known test vectors during testing.
  • The ciphertext encoding format must be consistent.(Base64/Hex)

FAQ and solutions

❓ SM4Which is more secure, it or AES??

From a purely technical standpoint, SM4 and AES-128 offer comparable security, both resisting all currently known cryptographic attacks.。Selection criteriaIt is mainly a compliance requirement: China’s government, finance, and other critical sectors must use Chinese algorithms such as SM4, while international applications typically use AES. Both are rigorously validated, secure algorithms.。

❓ Why does SM4 support only 128-bit keys??

SM4Designed with consideration forA balance of security and performance.。128 bitsKey(2^128combinations) is already sufficient to withstand all brute-force attacks now and in the foreseeable future. A fixed key length simplifies implementation and improves hardware acceleration efficiency, making it especially suitable for resource-constrained embedded devices and smart cards.。

❓ How to use it in JavaSM4?

JavaUsing SM4 in it requires includingBouncy Castlecryptographic library. After adding the dependency, useCipher.getInstance("SM4/CBC/PKCS7Padding", "BC")to create the cipher. Note that Java’s standard library does not support SM4 by default, so a third-party cryptographic library is required. Make sure both the key and IV are 16 bytes long, consistent with JavaScript and other languages.。

❓ SM4How much larger does the data get after encryption??

BecausePkcs7Padding, the encrypted data length is always a multiple of 16 bytes, adding at most 16 bytes (one block). For example, a 15-byte plaintext is padded to 16 bytes, and a 17-byte plaintext is padded to 32 bytes. After Base64 encoding, the data grows by about a further 33% (a factor of 4/3)。

❓ What should you watch out for when migrating to Chinese cryptography??

Migrating to Chinese cryptography is a systematic project that must consider:1)Choose cryptographic products that meet national standards.;2)Establish a complete key management system.;3)Migrate existing encryption interfaces and storage.;4)Compatibility testing and data migration.;5)Pass the cryptography assessment (Commercial Cryptography Application Security Assessment). Engaging a professional cryptography service provider to guide implementation is recommended.。

Security recommendations

⚠️ Avoid Common Mistakes

  • Do not use ECB mode to encrypt sensitive data
  • Do not reuse the sameIV
  • Do not use weak keys or simple strings.
  • Do not store keys in client-side JavaScript
  • Do not use uncertified cryptographic libraries.
  • Do not neglect secure key management.

✅ Recommended security practices

  • Prefer CBC mode.
  • Generate a new random one for every encryptionIV
  • Use a cryptographically secure random number generator.
  • Establish a robust key management system
  • Use cryptographic products certified for Chinese cryptography.
  • Conduct regular security audits and cryptography assessments.
  • Combine with SM3 for message authentication.

Related Chinese cryptography algorithms

SM2 - Asymmetric encryption

An elliptic-curve-based public-key algorithm used for digital signatures, key exchange, and encryption/decryption. It can be used to protect the transmission of SM4 keys.

SM3 - Hash algorithm

A cryptographic hash algorithm that produces a 256-bit digest. It is often used together with SM4, for example HMAC-SM3 for message authentication.

SM9 - Identity-based cryptography

An identity-based cryptographic algorithm that can use an identifier (such as an email address or phone number) as the public key, simplifying certificate management.

ZUC - Stream cipher

A stream cipher algorithm primarily used for data encryption and integrity protection in mobile communications (4G/5G).