• Cipher Mode: 
  • Padding: 
  • Key Size: 
Key: 
   IV: 
  • Character Set:
  • Format:
    (Encrypted format represents output, decrypted format represents input)

Description

SM4 is a block cipher algorithm published by the Chinese National Cryptography Administration, also known as the commercial cryptographic SM4 algorithm. It is a symmetric encryption algorithm used to replace traditional symmetric encryption algorithms like DES and AES. The "SM" in SM4 stands for commercial cryptography, which is used for commercial purposes and does not involve national secrets.
The SM4 algorithm has the following characteristics:
  • High Security: The SM4 algorithm employs a 32-round Feistel structure and nonlinear S-boxes, combined with substitution, permutation, and XOR operations to ensure its security and resistance to attacks.
  • High Efficiency: The SM4 algorithm exhibits high efficiency in both hardware and software implementations, allowing for fast encryption and decryption operations on different platforms.
  • National Standard: The SM4 algorithm is a cryptographic algorithm standard published by the Chinese National Cryptography Administration and is widely used in China's information security field.
  • Flexible Key Length: The SM4 algorithm supports a 128-bit key length, providing sufficient security and allowing for adjustment based on actual requirements.
  • Good Compatibility: The SM4 algorithm has a block length of 128 bits, making it compatible with existing cryptographic protocols and systems, enabling interoperability with other symmetric encryption algorithms.

Operation Modes
  • CBC: Cipher Block Chaining, where plaintext is divided into fixed-size blocks and encrypted sequentially. Each block (group) is XORed with the encrypted data of the previous block before encryption. To ensure uniqueness of each message, the first data block is XORed with an initialization vector (IV) before encryption. CBC mode is a widely used encryption mode, but its main drawback is that encryption is sequential and cannot be parallelized. Like ECB, message blocks must be padded to a multiple of the block size.
  • ECB: Electronic Codebook, the simplest encryption mode where plaintext messages are divided into fixed-size blocks, with each block encrypted separately. Each block is encrypted and decrypted independently using the same method, allowing for parallel processing. However, if one block is decrypted, all plaintext data can be decrypted using the same method, compromising security. Suitable for scenarios with minimal data, where plaintext data needs to be padded to a multiple of the block size.
  • OFB: Output Feedback, which transforms block ciphers into stream ciphers, encrypting bit by bit or byte by byte. It uses an initialization vector (IV) as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. OFB mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication.
  • CFB: Cipher Feedback, which divides data into bits rather than blocks, providing characteristics of stream cipher encryption for encrypting data of any length. It allows for bit-by-bit or byte-by-byte encryption and decryption without padding. Similar to CBC mode, the ciphertext of the previous block is XORed with the plaintext of the current block to generate the ciphertext for the current block. Therefore, CFB mode is sensitive to transmission errors and data loss as an error bit can affect subsequent encryption results.
  • CTS: Cipher Text Stealing, used to address the problem of the last block length being insufficient in block cipher encryption. During encryption, if the last block length is insufficient, partial ciphertext blocks are used to pad the plaintext block before encryption. During decryption, if the last block length is insufficient, partial ciphertext blocks are used for decryption, followed by removing the padded portion, ensuring consistency in data length before and after encryption.
  • CTR: Counter Mode, which transforms block ciphers into stream ciphers for encryption on a bit-by-bit or byte-by-byte basis. It uses a counter as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. CTR mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication.
Padding Modes
  • None: No padding
  • PKCS7: Padding consists of a byte sequence, with each byte padded to the length of the byte sequence
  • Zeros: Padding consists of bytes set to zero
  • ANSIX923: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with zeros
  • ISO10126: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with random data
For block symmetric encryption algorithms, some operation modes require the byte length of plaintext data to be a multiple of the block size, so we must pad the plaintext data before encrypting it.

Key(IV) Text Or Hex
  • Text represents the text format and is encoded in UTF-8 before being converted to a byte[] array.
  • Hex represents the hexadecimal format, and the input will be converted from a hexadecimal string to a byte[] array before encryption.
Character Set and Format encryption instructions
  • First Scenario, taking DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt the string "中国abc". Choose character set "UTF-8". The encryption output is in hexadecimal format, select "Hex" from the format dropdown. The encrypted output result is "C886FF3D9DCB37FA1FA0EAD95889DF3E". View Example
  • Another Scenario, still using DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt hexadecimal data, for example [0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08]. Choose character set "Hex". The encryption output is in Base64 format, select "Base64" from the format dropdown. The encrypted output result is "up/vqMd1Eq4d/TFcc22l3Q==". View Example
Character Set and Format decryption instructions
  • First Scenario, using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the hexadecimal string "C886FF3D9DCB37FA1FA0EAD95889DF3E". Therefore, select "Hex" from the format dropdown for decryption, and the data encoding after decryption is "UTF-8". Choose character set "UTF-8". The decrypted string is "中国abc". View Example
  • Another Scenario, still using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the Base64 string "up/vqMd1Eq4d/TFcc22l3Q==". Therefore, select "Base64" from the format dropdown for decryption, and there is no additional encoding after decryption, as it is hexadecimal data. Choose character set "Hex" (selecting "UTF-8" would result in garbled text). The final decrypted string is "0102030405060708". View Example