SM4 Encryption Tool

Free SM4 encryption/decryption tool supporting ECB/CBC, PKCS padding, HEX/Base64 formats, and random key/IV generation for GM/T algorithms.

Settings

Key & IV Settings

Encrypt/Decrypt

SM4 Knowledge

About SM4

SM4 is the Chinese national block cipher with a 128-bit block size and a 128-bit key. It is widely used across the GM/T standards ecosystem, including SM TLS/SSL, WAPI for WLAN security, e-government and finance.

Relationship with AES

  • Commonalities:
    • Both are 128-bit block ciphers; support common modes (ECB/CBC) and standard paddings (PKCS#5/7).
    • Very similar operational model: requires a key (Key), optional IV, chooses mode and padding, then processes plaintext in blocks.
  • Differences:
    • Standards & ecosystem: AES is an international standard (FIPS 197) and globally adopted; SM4 is a Chinese national standard (GM/T series) used to meet local compliance and regulatory requirements.
    • Key length: AES supports 128/192/256-bit keys; SM4 is fixed at 128-bit.
    • Performance & hardware: modern CPUs/GPUs have broader hardware acceleration for AES; SM4 hardware acceleration is improving and depends on platform.
    • Compliance: in China or China-facing scenarios, SM4 is often required for “GuoMi” compliance; cross-border/global scenarios commonly use AES.

ECB vs CBC

Item ECB CBC
Uses IV No Yes (16 bytes)
Error propagation None Yes (per block)
Parallelism High Low (chained)
Security Low (reveals structure) High (recommended)
Typical use Random data, testing Real business data
  • ECB: encrypts each 16-byte block independently; leaks structural patterns. Not recommended for structured/repetitive data.
  • CBC: uses a random and non-reusable 16-byte IV; links adjacent blocks, effectively masking patterns and improving security for business use.

Padding & Alignment

  • PKCS#5/PKCS#7: automatically pads to a multiple of 16 bytes; suitable for most text/binary data.
  • NoPadding: no padding; plaintext/ciphertext must be a multiple of 16 bytes; suitable for pre-aligned data or custom protocols.

Recommendations

  1. Mode selection: prefer CBC; avoid ECB for structured data.
  2. IV management: CBC IV must be cryptographically secure random and unique per encryption.
  3. Key generation: use secure random 128-bit keys; avoid weak/predictable values.
  4. Output format: use HEX or Base64 for ciphertext; Base64 is recommended for cross-system transport.
  5. Compliance: in China or GuoMi-compliant systems, use SM4; in international ecosystems, AES is typically primary.