SM2 (国密) Encrypt & Decrypt

Free online SM2 (国密) Encrypt & Decrypt tool. 100% local processing — your data never leaves your device.

National Standards
Other
Output

Result will be displayed here...

Input Encrypt

Usage Guide

About SM2

SM2 is China's national elliptic-curve cryptography (ECC) standard, defined in GM/T 0003-2012 and published by the State Cryptography Administration (SCA/OSCCA) in 2010. It is based on a 256-bit elliptic curve with custom SM2 curve parameters, offering security equivalent to RSA-3072 but with shorter keys and faster computation. SM2 defines three functions: asymmetric encryption, digital signature, and key exchange. This tool covers the encryption function — encrypt with the public key, decrypt with the private key, the same conceptual model as RSA.

Chinese National Standard: SM2 is mandated by China's Cryptography Law for systems involving national security and public welfare. If your system must comply with Chinese regulations (banking, government, critical infrastructure), SM2 is the required choice over RSA or standard ECC.

Usage Steps

SM2 encryption and decryption follow these steps:

1. Select Cipher ModeChoose C1C3C2 (new standard, recommended) or C1C2C3 (old standard, backward compatibility only)
2. Generate Key PairClick 'Generate Key Pair' to produce a 128-char hex public key and a 64-char hex private key
3. Save Both KeysCopy and securely store the public key (128-char hex) and private key (64-char hex) — the private key cannot be recovered
4. EncryptPaste the public key, enter plaintext, click 'Encrypt' — the output is Base64-encoded ciphertext
5. DecryptPaste the private key, paste the Base64 ciphertext, click 'Decrypt' — the original plaintext is recovered
Privacy Protection: All SM2 operations are performed locally in your browser via WebAssembly. No data is sent to any server — completely offline processing.

Cipher Modes: C1C3C2 vs C1C2C3

SM2 ciphertext is composed of three components arranged in a specific order:

C1Ephemeral public key point — 64 bytes (x and y coordinates of the random elliptic-curve point used in encryption)
C2Ciphertext body — same length as the plaintext, produced by XOR with a key stream derived from C1
C3Hash digest — 32 bytes (SM3 hash of plaintext and key material, providing integrity verification)
C1C3C2 (new standard)Order: ephemeral key → hash → ciphertext. Defined in the updated GM/T 0003.4-2012 standard. Recommended for all new implementations.
C1C2C3 (old standard)Order: ephemeral key → ciphertext → hash. The original ordering from earlier versions. Use only when interoperating with legacy systems.
Mode Mismatch: Encryption and decryption must use the same cipher mode. If you encrypt with C1C3C2 but decrypt with C1C2C3 (or vice versa), decryption will fail or produce garbage. Always confirm the mode with the counterpart system before exchanging ciphertext.

Key Format

SM2 uses raw hex strings for keys — not PEM certificates like RSA. Understanding the key format prevents common integration errors:

Public Key (128-char hex)64 bytes representing the x and y coordinates of a point on the SM2 curve, concatenated as x‖y. No '04' uncompressed-point prefix is included in this tool's format.
Private Key (64-char hex)32 bytes representing the private scalar d. Keep this secret — it is the only way to decrypt data encrypted with the corresponding public key.
No PEM / DER wrappingSM2 keys in Chinese ecosystems are commonly exchanged as plain hex strings, unlike RSA keys which use Base64-encoded PEM headers.
Interoperability noteSome SM2 libraries (e.g., OpenSSL with SM2 support) encode keys in DER/PEM format. Convert between formats using tools provided by your cryptographic library.
Key Length Quick Reference: Public key = 128 hex chars (64 bytes). Private key = 64 hex chars (32 bytes). If your key has a different length, it may include an "04" prefix or use a different encoding — strip or convert accordingly.

FAQ

Q: What is the difference between SM2 and RSA?

A: Both SM2 and RSA are asymmetric algorithms: encrypt with the public key, decrypt with the private key. The key differences are: Mathematical basis: RSA relies on integer factorization; SM2 relies on elliptic-curve discrete logarithm. Key size: SM2 uses a 256-bit key that is security-equivalent to RSA-3072, resulting in much shorter keys and smaller ciphertext. Performance: SM2 is faster than RSA at equivalent security levels for both key generation and encryption/decryption operations. Compliance: SM2 is mandated by Chinese regulations; RSA is the international standard. When to choose: Use SM2 for systems that must comply with Chinese cryptography laws; use RSA or standard ECC (P-256) for international interoperability.

Q: When must I use SM2 instead of RSA or ECC?

A: China's Cryptography Law (2020) and associated regulations require SM algorithms for systems involving national security, critical information infrastructure, and public-facing financial services. Specific scenarios include: Government systems — all e-government platforms and authentication systems. Financial institutions — Chinese banks are required by the People's Bank of China (PBOC) to use SM2/SM3/SM4 in their core systems. Electronic invoices and licenses — mandated by the State Taxation Administration and relevant agencies. Cross-border projects: If your system operates internationally and does not specifically require Chinese regulatory compliance, use standard RSA or ECDSA (P-256) for broader library support and interoperability.

Q: Why does my decryption fail even though I'm using the correct private key?

A: The most common cause is a cipher mode mismatch: the ciphertext was encrypted with C1C3C2 but you are attempting to decrypt it with C1C2C3 (or vice versa). Always confirm the mode with the encrypting party. Other causes include: Truncated ciphertext — SM2 ciphertext is at minimum 97 bytes (C1: 64 bytes + C3: 32 bytes + at least 1 byte C2); if the Base64 string is too short, it has been corrupted or truncated. Wrong key — the private key does not correspond to the public key used for encryption. Encoding issue — some systems output ciphertext with a leading "04" byte prefix for the C1 component; ensure both sides agree on whether the prefix is included.

Q: Is SM2 secure? How does it compare to standard ECC (P-256)?

A: SM2's 256-bit key provides security equivalent to approximately RSA-3072, which is well above current recommendations (RSA-2048 is the current minimum). Compared to NIST P-256: both offer similar 128-bit security levels. The SM2 curve uses different domain parameters defined by OSCCA rather than NIST. Cryptographic assessment: No practical attacks against the SM2 curve are known. Independent researchers have reviewed the curve parameters and found no signs of a backdoor, though it has received less public scrutiny than NIST curves. Practical note: SM2 is not widely supported outside China — international libraries (OpenSSL, BouncyCastle) support it, but most cloud providers and browsers do not natively support SM2-based TLS. For international use, standard ECC (P-256) is the better choice.

Q: Can SM2 be used for digital signatures in this tool?

A: This tool implements SM2 encryption/decryption only. The SM2 standard also defines a digital signature scheme (analogous to ECDSA) and a key exchange protocol, but those are separate functions not covered here. For signature and verification workflows, you will need a dedicated SM2 signature library. In Chinese compliance scenarios, SM2 digital signatures are often required alongside SM3 (the national hash algorithm) and SM4 (the national symmetric cipher) for a complete cryptographic suite.

Use Cases

Recommended: Government System Authentication

Chinese e-government platforms and public-service systems are required by law to use SM algorithms. SM2 is used for identity authentication, secure channel establishment, and digital signatures on official documents. If you are building a system that interfaces with government APIs, processes citizen identity data, or issues official electronic credentials, SM2 is not optional — it is a compliance requirement. Pair SM2 with SM3 for hashing and SM4 for symmetric encryption to form a fully compliant national cryptography suite.

Recommended Configuration:
  • ✅ SM2 (mandatory for government systems)
  • ✅ SM2 + SM3 + SM4 (full national cryptography suite)
  • ❌ RSA or ECC alone does not satisfy Chinese regulatory requirements
  • 💡 Verify your certificate authority supports SM2 certificates
Recommended: Financial Institution Transaction Encryption

The People's Bank of China (PBOC) mandates the use of SM2/SM3/SM4 in Chinese banking core systems, payment platforms, and financial infrastructure. SM2 is used to encrypt sensitive transaction data, protect card information, and secure inter-bank communication. Online banking applications, mobile payment SDKs, and POS terminal firmware in China are legally required to implement SM2. Even foreign banks operating in China must comply when handling transactions subject to Chinese financial regulations.

Recommended Configuration:
  • ✅ SM2 (required by PBOC for Chinese financial systems)
  • ✅ Use C1C3C2 mode (current standard)
  • 💡 Coordinate cipher mode and key encoding format with your banking partner
  • ❌ RSA is not acceptable as the sole algorithm in PBOC-regulated systems
Recommended: Electronic Invoices and Official Licenses

China's electronic invoice system, electronic business licenses, and digital certificates issued by government agencies all use SM2 for signing and encryption. Taxpayer systems, invoice verification platforms, and the national enterprise credit system rely on SM2 to ensure the authenticity and integrity of official documents. If you are integrating with these platforms — for example, building an ERP system that interfaces with the State Taxation Administration's invoice system — your cryptographic implementation must use SM2.

Recommended Configuration:
  • ✅ SM2 for document signing and encryption
  • ✅ SM3 for digest computation on signed content
  • 💡 Use SM2 certificates issued by a CFCA-certified CA
  • ❌ Standard TLS certificates (RSA/ECDSA) are insufficient for regulated document signing
Recommended: Critical Infrastructure Secure Communications

Power grids, water systems, transportation networks, and telecommunications operators in China classified as critical information infrastructure (CII) are required to use national cryptography standards. SM2 is used for device authentication, secure command transmission, and operator identity verification. Industrial control systems (ICS/SCADA) deployed in China must also comply with these requirements under the Cybersecurity Law and relevant sector-specific regulations.

Recommended Configuration:
  • ✅ SM2 for device and operator authentication
  • ✅ SM4 for bulk data encryption (more efficient than SM2 for large payloads)
  • 💡 Implement certificate rotation and key lifecycle management
  • 💡 Consult OSCCA guidelines for specific sector requirements
Not Recommended: International or Cross-Border Projects

If your system operates internationally or interoperates with non-Chinese partners, SM2 is not the right choice. Most international libraries, browsers, cloud providers, and hardware security modules (HSMs) do not natively support SM2. The lack of broad ecosystem support creates interoperability headaches and integration costs. For international projects, use RSA-2048/4096 or standard ECC (P-256/P-384). If your system must operate in both China and internationally, architect separate cryptographic layers — SM2 for the China-facing components and standard algorithms for the international-facing ones.

Recommended Configuration:
  • ✅ RSA-2048 or RSA-4096 (international standard)
  • ✅ ECC P-256 / P-384 (modern international standard)
  • ❌ SM2 has very limited support outside Chinese ecosystems
  • 💡 For dual-region systems, use SM2 for China and RSA/ECC for international components

Best Practice Recommendations

  • Use SM2 exclusively when Chinese regulatory compliance (Cryptography Law, PBOC, government standards) is required. For purely international systems, RSA or standard ECC provides better ecosystem support.
  • Always use C1C3C2 mode for new implementations. C1C2C3 exists only for backward compatibility with legacy systems.
  • Treat the private key with the same care as a password: store it encrypted, never log it, and rotate keys periodically.
  • Pair SM2 with SM3 (hash) and SM4 (symmetric) to form a fully compliant national cryptography suite (as required by most Chinese regulations).
  • Confirm the key encoding format (hex vs. PEM/DER, with or without '04' prefix) with your integration partner before exchanging keys or ciphertext.

Discussion & Feedback

0 comments
Me