[openssl-users] Using SM2 ECIES in 1.1.1

Matt Caswell matt at openssl.org
Wed Oct 24 15:14:47 UTC 2018

On 24/10/2018 15:55, Akira Takahashi wrote:
> Hi all,
> Since the version 1.1.1 supports the SM2 public key cryptography suite I
> am trying to test its ECIES (found in crypto/sm2/sm2_crypto.c) over
> different standardized prime curves i.e. not just sm2p256v1.
> Is there CLI or minimal code snippet to achieve it via the EVP interface?
> The current man page of SM2 seems to only describe SM2 as a signature
> algorithm, but not as a public key encryption.

You can use the EVP_PKEY_encrypt() function for this purpose.

A generic example (not SM2 specific) is on the EVP_PKEY_encrypt() man page:


Doing this for SM2 is essentially the same as shown in that example
except of course don't call the RSA specific
EVP_PKEY_CTX_set_rsa_padding() function.

Setting up of the EVP_PKEY itself to contain an SM2 key is the same as
for sign/verify, i.e. you need to call EVP_PKEY_set_alias_type(). There
is no need to set an id though. See:


Hope that helps,


More information about the openssl-users mailing list