Secure Asset Protection Using SM2, SM3, and SM4 Cryptographic Schemes

Protected Assets

Official Documents

Documents are secured using SM4 encryption. A unique SM4 key is derived per file and used for both encryption and integrity hashing.

file_key = fetch_or_create_key(file_location)  # SM4 secret key
cipher_and_digest(file_path, file_key, file_location)

User Passwords

Passwords are stored as salted hashes based on SM3. During verification, the input password is combined with the stored salt and hashed for comparison.

def compute_sm3(data):
    byte_seq = list(data.encode('utf-8'))
    return sm3_hash(byte_seq)

Saltt retireval and hash computation:

stored_salt = profile.salt_value
hashed_input = sm3_hash_with_salt(input_pwd, stored_salt)
print(hashed_input)

Cryptographic Keys

The system first encrypts documents with SM4. The SM4 key itself is encrypted using an SM2 public key. An SM3 hash of the SM4 key is truncated to 16 characters and then used to encrypt the SM2 private key.

def register_user(req):
    operator = req.session['user_name']
    if req.method == 'POST':
        form = RegistrationForm(req.POST)
        if form.is_valid():
            uid = form.cleaned_data['uid']
            uname = form.cleaned_data['uname_new']
            mail = form.cleaned_data['mail_addr']
            pwd_raw = form.cleaned_data['pwd_new']

            rand_salt = random_alphanum(15)
            pwd_salted_hash = sm3_hash_with_salt(pwd_raw, rand_salt)
            print(pwd_salted_hash)

            pwd_double_hash = compute_sm3(pwd_salted_hash)

            sm4_secret = pwd_double_hash[:16]

            ec_priv = PrivateKey()
            ec_pub = ec_priv.publicKey()

            enc_priv_key = sm4_encrypt(sm4_secret, ec_priv.export())

            UserProfile.objects.create(
                uid=uid,
                uname_new=uname,
                mail_addr=mail,
                pwd_new=pwd_salted_hash,
                salt_value=rand_salt,
                public_key=ec_pub.export(compressed=False),
                private_key=enc_priv_key,
                avatar='avatars/default_avatar.png'
            )

            Log.objects.create(
                user_name=operator,
                doc_title="N/A",
                action=f'User {operator} created account {uname} at {timezone.now()}.'
            ).save()

            return HttpResponseRedirect(reverse('dashboard'))

    else:
        form = RegistrationForm()

    return render(req, 'create_account.html', {'form': form})

Database Schema Forms

  • User data table
  • File metadata table
  • Authentication record table

Tags: cryptography SM2 SM3 SM4 data security

Posted on Fri, 29 May 2026 20:46:09 +0000 by pixelsoul

Hot Tags

©2026 Freaks City