SM2 Encryption/Decryption Tool
SM2 asymmetric encryption algorithm.
Encrypt
Decrypt
Sign
Verify
C1C3C2 (Standard)
C1C2C3 (Old Standard)
DER (ASN.1)
R|S (Concatenated)
Private Key:
Hex
Base64
Public Key:
Hex
Base64
Input
UTF-8
Hex
Base64
Result
Hex
Base64

About SM2: Chinese National ECC Standard

SM2 is the official Chinese national standard for asymmetric cryptography, based on the Elliptic Curve Discrete Logarithm Problem (ECDLP). Below is a brief introduction to how SM2 works, the ciphertext formats it produces, and common real-world usage patterns.

#01

What is SM2?

SM2 is specified in the Chinese cryptography industry standard GM/T 0003-2012. It defines a suite of elliptic curve operations including public-key encryption, digital signature, and key exchange.

At the same security level, a 256-bit SM2 key is roughly equivalent to a 3072-bit RSA key in terms of computational hardness. SM2 signatures and ciphertexts are therefore much smaller than RSA counterparts and generally faster to compute.

This tool lets you generate SM2 key pairs, encrypt, decrypt, sign and verify entirely in your browser — a handy aid for debugging GM/T compliant APIs and validating ciphertext format on the fly.

#02

Key Structure & Ciphertext Formats

SM2 operates on the elliptic curve y² = x³ + ax + b over the prime field GF(p), where p is a 256-bit prime. A valid SM2 key pair consists of:

  • Private key: a 256-bit random integer that must be kept secret.
  • Public key: a 64-byte curve point (256-bit x coordinate || 256-bit y coordinate), usually prefixed with 04 to indicate uncompressed form.

Two ciphertext layouts are widely used: C1C2C3 (legacy, random point → ciphertext → digest) and C1C3C2 (modern standard, random point → digest → ciphertext). This tool supports both, and you can choose DER (ASN.1) or R|S concatenation for signature encoding.

#03

Data Security & Privacy

Keep in mind: SM2 public-key encryption protects confidentiality during transit only — it does not replace transport-layer security. In production deployments, SM2 should always be combined with SM3 hashing, SM4 symmetric encryption, and used over TLS/HTTPS channels.

All key generation, encryption, decryption and signing operations in this tool run locally inside your browser. No input is uploaded to a server, and nothing is written to localStorage.

A few additional recommendations:

  • When using production private keys, work in a private window or offline environment, and clear the inputs afterwards.
  • In production, SM2 private keys must be stored encrypted (e.g. via PKCS#8 with a passphrase, or on an HSM).
  • Make sure both parties agree on the UserID for signature/verification (default is often 1234567812345678).
  • When integrating with 3rd-party systems, confirm the ciphertext order (C1C2C3 vs C1C3C2) and the signature encoding format up front.
📖 Want to learn more?
Read the full SM2 guide: from elliptic curve fundamentals, key structure, C1C2C3 vs C1C3C2 comparison, signing and verification flow, seven real-world usage scenarios, to the complete SM2/SM3/SM4 Chinese crypto stack best practices (~12-minute read).
Read the full guide →