#01
What is SM2?
SM2 is specified in the Chinese cryptography industry standard GM/T 0003-2012. It defines a suite of elliptic curve operations including public-key encryption, digital signature, and key exchange.
At the same security level, a 256-bit SM2 key is roughly equivalent to a 3072-bit RSA key in terms of computational hardness. SM2 signatures and ciphertexts are therefore much smaller than RSA counterparts and generally faster to compute.
This tool lets you generate SM2 key pairs, encrypt, decrypt, sign and verify entirely in your browser — a handy aid for debugging GM/T compliant APIs and validating ciphertext format on the fly.
#02
Key Structure & Ciphertext Formats
SM2 operates on the elliptic curve y² = x³ + ax + b over the prime field GF(p), where p is a 256-bit prime. A valid SM2 key pair consists of:
- Private key: a 256-bit random integer that must be kept secret.
- Public key: a 64-byte curve point (256-bit x coordinate || 256-bit y coordinate), usually prefixed with 04 to indicate uncompressed form.
Two ciphertext layouts are widely used: C1C2C3 (legacy, random point → ciphertext → digest) and C1C3C2 (modern standard, random point → digest → ciphertext). This tool supports both, and you can choose DER (ASN.1) or R|S concatenation for signature encoding.
#03
Data Security & Privacy
Keep in mind: SM2 public-key encryption protects confidentiality during transit only — it does not replace transport-layer security. In production deployments, SM2 should always be combined with SM3 hashing, SM4 symmetric encryption, and used over TLS/HTTPS channels.
All key generation, encryption, decryption and signing operations in this tool run locally inside your browser. No input is uploaded to a server, and nothing is written to localStorage.
A few additional recommendations:
- When using production private keys, work in a private window or offline environment, and clear the inputs afterwards.
- In production, SM2 private keys must be stored encrypted (e.g. via PKCS#8 with a passphrase, or on an HSM).
- Make sure both parties agree on the UserID for signature/verification (default is often 1234567812345678).
- When integrating with 3rd-party systems, confirm the ciphertext order (C1C2C3 vs C1C3C2) and the signature encoding format up front.