SM4 is a block cipher algorithm published by the Chinese National Cryptography Administration, also known as the commercial cryptographic SM4 algorithm. It is a symmetric encryption algorithm used to replace traditional symmetric encryption algorithms like DES and AES. The "SM" in SM4 stands for commercial cryptography, which is used for commercial purposes and does not involve national secrets.

Operation Modes

• CBC: Cipher Block Chaining, where plaintext is divided into fixed-size blocks and encrypted sequentially. Each block (group) is XORed with the encrypted data of the previous block before encryption. To ensure uniqueness of each message, the first data block is XORed with an initialization vector (IV) before encryption. CBC mode is a widely used encryption mode, but its main drawback is that encryption is sequential and cannot be parallelized. Like ECB, message blocks must be padded to a multiple of the block size.
• ECB: Electronic Codebook, the simplest encryption mode where plaintext messages are divided into fixed-size blocks, with each block encrypted separately. Each block is encrypted and decrypted independently using the same method, allowing for parallel processing. However, if one block is decrypted, all plaintext data can be decrypted using the same method, compromising security. Suitable for scenarios with minimal data, where plaintext data needs to be padded to a multiple of the block size.
• OFB: Output Feedback, which transforms block ciphers into stream ciphers, encrypting bit by bit or byte by byte. It uses an initialization vector (IV) as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. OFB mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication.
• CFB: Cipher Feedback, which divides data into bits rather than blocks, providing characteristics of stream cipher encryption for encrypting data of any length. It allows for bit-by-bit or byte-by-byte encryption and decryption without padding. Similar to CBC mode, the ciphertext of the previous block is XORed with the plaintext of the current block to generate the ciphertext for the current block. Therefore, CFB mode is sensitive to transmission errors and data loss as an error bit can affect subsequent encryption results.
• CTS: Cipher Text Stealing, used to address the problem of the last block length being insufficient in block cipher encryption. During encryption, if the last block length is insufficient, partial ciphertext blocks are used to pad the plaintext block before encryption. During decryption, if the last block length is insufficient, partial ciphertext blocks are used for decryption, followed by removing the padded portion, ensuring consistency in data length before and after encryption.
• CTR: Counter Mode, which transforms block ciphers into stream ciphers for encryption on a bit-by-bit or byte-by-byte basis. It uses a counter as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. CTR mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication.

Padding Modes

• None: No padding
• PKCS7: Padding consists of a byte sequence, with each byte padded to the length of the byte sequence
• Zeros: Padding consists of bytes set to zero
• ANSIX923: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with zeros
• ISO10126: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with random data

For block symmetric encryption algorithms, some operation modes require the byte length of plaintext data to be a multiple of the block size, so we must pad the plaintext data before encrypting it.

Key(IV) Text Or Hex

• Text represents the text format and is encoded in UTF-8 before being converted to a byte[] array.
• Hex represents the hexadecimal format, and the input will be converted from a hexadecimal string to a byte[] array before encryption.

Character Set and Format encryption instructions

• First Scenario, taking DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt the string "中国abc". Choose character set "UTF-8". The encryption output is in hexadecimal format, select "Hex" from the format dropdown. The encrypted output result is "C886FF3D9DCB37FA1FA0EAD95889DF3E". View Example
• Another Scenario, still using DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt hexadecimal data, for example [0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08]. Choose character set "Hex". The encryption output is in Base64 format, select "Base64" from the format dropdown. The encrypted output result is "up/vqMd1Eq4d/TFcc22l3Q==". View Example

Character Set and Format decryption instructions

• First Scenario, using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the hexadecimal string "C886FF3D9DCB37FA1FA0EAD95889DF3E". Therefore, select "Hex" from the format dropdown for decryption, and the data encoding after decryption is "UTF-8". Choose character set "UTF-8". The decrypted string is "中国abc". View Example
• Another Scenario, still using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the Base64 string "up/vqMd1Eq4d/TFcc22l3Q==". Therefore, select "Base64" from the format dropdown for decryption, and there is no additional encoding after decryption, as it is hexadecimal data. Choose character set "Hex" (selecting "UTF-8" would result in garbled text). The final decrypted string is "0102030405060708". View Example