diff --git a/demos/sm2/CMakeLists.txt b/demos/sm2/CMakeLists.txt
deleted file mode 100644
index a294502d..00000000
--- a/demos/sm2/CMakeLists.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-cmake_minimum_required(VERSION 3.0)
-project(sm2demo)
-
-include_directories(/usr/local/include)
-link_directories(/usr/local/lib)
-
-add_executable(sm2keyparse sm2keyparse.c)
-target_link_libraries(sm2keyparse gmssl)
diff --git a/demos/sm2/Makefile b/demos/sm2/Makefile
new file mode 100644
index 00000000..851b0cc9
--- /dev/null
+++ b/demos/sm2/Makefile
@@ -0,0 +1,18 @@
+all:
+	cc sm2_keygen_demo.c -lgmssl -o sm2_keygen_demo
+	cc sm2_private_key_demo.c -lgmssl -o sm2_private_key_demo
+	cc sm2_private_key_parse_demo.c -lgmssl -o sm2_private_key_parse_demo
+	cc sm2_public_key_demo.c -lgmssl -o sm2_public_key_demo
+	cc sm2_sign_demo.c -lgmssl -o sm2_sign_demo
+	cc sm2_sign_ctx_demo.c -lgmssl -o sm2_sign_ctx_demo
+	cc sm2_encrypt_demo.c -lgmssl -o sm2_encrypt_demo
+
+clear:
+	rm -fr sm2_keygen_demo
+	rm -fr sm2_private_key_demo
+	rm -fr sm2_private_key_parse_demo
+	rm -fr sm2_public_key_demo
+	rm -fr sm2_sign_demo
+	rm -fr sm2_sign_ctx_demo
+	rm -fr sm2_encrypt_demo
+
diff --git a/demos/sm2/sm2_encrypt_demo.c b/demos/sm2/sm2_encrypt_demo.c
new file mode 100644
index 00000000..c977e980
--- /dev/null
+++ b/demos/sm2/sm2_encrypt_demo.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	SM2_KEY pub_key;
+	unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE];
+	unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE];
+	size_t len;
+
+	sm2_key_generate(&sm2_key);
+	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
+
+	sm2_encrypt(&pub_key, (uint8_t *)"hello world", strlen("hello world"), ciphertext, &len);
+	format_bytes(stdout, 0, 0, "ciphertext", ciphertext, len);
+
+	if (sm2_decrypt(&sm2_key, ciphertext, len, plaintext, &len) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+	plaintext[len] = 0;
+	printf("plaintext: %s\n", plaintext);
+
+	return 0;
+}
diff --git a/demos/sm2/sm2_keygen_demo.c b/demos/sm2/sm2_keygen_demo.c
new file mode 100644
index 00000000..058b0d18
--- /dev/null
+++ b/demos/sm2/sm2_keygen_demo.c
@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+
+	if (sm2_key_generate(&sm2_key) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	sm2_key_print(stdout, 0, 0, "SM2PrivateKey", &sm2_key);
+	sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &sm2_key);
+
+	return 0;
+}
diff --git a/demos/sm2/sm2_private_key_demo.c b/demos/sm2/sm2_private_key_demo.c
new file mode 100644
index 00000000..722c3883
--- /dev/null
+++ b/demos/sm2/sm2_private_key_demo.c
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	char *password = "123456";
+
+	if (sm2_key_generate(&sm2_key) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	if (sm2_private_key_info_encrypt_to_pem(&sm2_key, password, stdout) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	return 0;
+}
diff --git a/demos/sm2/sm2_private_key_parse_demo.c b/demos/sm2/sm2_private_key_parse_demo.c
new file mode 100644
index 00000000..783431d5
--- /dev/null
+++ b/demos/sm2/sm2_private_key_parse_demo.c
@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	char *password = "123456";
+	unsigned char buf[512];
+	unsigned char *p;
+	size_t len;
+
+	printf("Read SM2 private key file (PEM) from stdin ...\n");
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	p = buf;
+	len = 0;
+	if (sm2_private_key_to_der(&sm2_key, &p, &len) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+	fwrite(buf, 1, len, stdout);
+
+	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
+	return 0;
+}
diff --git a/demos/sm2/sm2_public_key_demo.c b/demos/sm2/sm2_public_key_demo.c
new file mode 100644
index 00000000..32bc7794
--- /dev/null
+++ b/demos/sm2/sm2_public_key_demo.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	char *password = "123456";
+
+	printf("Read SM2 private key file (PEM) from stdin ...\n");
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	// openssl ec -pubin -in sm2pub.pem -text
+	sm2_public_key_info_to_pem(&sm2_key, stdout);
+
+	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
+	return 0;
+}
diff --git a/demos/sm2/sm2_sign_ctx_demo.c b/demos/sm2/sm2_sign_ctx_demo.c
new file mode 100644
index 00000000..af712ae3
--- /dev/null
+++ b/demos/sm2/sm2_sign_ctx_demo.c
@@ -0,0 +1,53 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	SM2_KEY pub_key;
+	SM2_SIGN_CTX sign_ctx;
+	unsigned char dgst[32];
+	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
+	size_t siglen;
+	int ret;
+
+	sm2_key_generate(&sm2_key);
+
+	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
+
+	// sign without signer ID (and Z value)
+	sm2_sign_init(&sign_ctx, &sm2_key, NULL, 0);
+	sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
+	sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
+	sm2_sign_finish(&sign_ctx, sig, &siglen);
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+	// digest and verify
+	sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
+	ret = sm2_verify(&pub_key, dgst, sig, siglen);
+	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
+
+	// use verify update API
+	sm2_verify_init(&sign_ctx, &pub_key, NULL, 0);
+	sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
+	ret = sm2_verify_finish(&sign_ctx, sig, siglen);
+	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
+
+	// sign use default signer ID
+	sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
+	sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
+	sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
+	sm2_sign_finish(&sign_ctx, sig, &siglen);
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+	sm2_verify_init(&sign_ctx, &pub_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
+	sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
+	ret = sm2_verify_finish(&sign_ctx, sig, siglen);
+	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
+
+	return 0;
+}
diff --git a/demos/sm2/sm2_sign_demo.c b/demos/sm2/sm2_sign_demo.c
new file mode 100644
index 00000000..6c7883d1
--- /dev/null
+++ b/demos/sm2/sm2_sign_demo.c
@@ -0,0 +1,34 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	SM2_KEY pub_key;
+	unsigned char dgst[32];
+	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
+	size_t siglen;
+	int ret;
+
+	sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
+	format_bytes(stdout, 0, 0, "to be signed digest", dgst, sizeof(dgst));
+
+	sm2_key_generate(&sm2_key);
+
+	sm2_sign(&sm2_key, dgst, sig, &siglen);
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
+
+	if ((ret = sm2_verify(&pub_key, dgst, sig, siglen)) != 1) {
+		fprintf(stderr, "verify failed\n");
+	} else {
+		printf("verify success\n");
+	}
+
+	return 0;
+}