Guide
What is Base64?
A complete guide to Base64 encoding - what it is, how it works, when to use it, and why it is essential for the modern web.
What is Base64 encoding?
Base64 is a binary-to-text encoding scheme that converts binary data into a string of ASCII characters. It uses a set of 64 characters - hence the name - consisting of uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), and two special characters (typically + and /).
The purpose of Base64 is to represent binary data in a format that is safe for transmission through systems designed to handle text. Since many protocols - email, HTTP, JSON, XML - were built around text, binary data (like images or encrypted content) needs to be converted into a text-safe representation.
How does Base64 work?
Base64 encoding works by taking binary data and splitting it into groups of 6 bits, then mapping each 6-bit value to one of 64 printable characters. Here is the process step by step:
- Take the input bytes (each byte is 8 bits).
- Group the bits into 24-bit chunks (3 bytes at a time).
- Split each 24-bit chunk into four 6-bit values.
- Map each 6-bit value (0-63) to its corresponding Base64 character using the lookup table.
- If the input is not a multiple of 3 bytes, add padding (
=) to make the output a multiple of 4 characters.
Example: Encoding "Man"
| Text | M | a | n | |
|---|---|---|---|---|
| ASCII | 77 | 97 | 110 | |
| Binary | 01001101 | 01100001 | 01101110 | |
| 6-bit groups | 010011 | 010110 | 000101 | 101110 |
| Index | 19 | 22 | 5 | 46 |
| Result | T | W | F | u |
"Man" → TWFu - 3 bytes become 4 Base64 characters.
Because every 3 input bytes produce 4 output characters, Base64-encoded data is approximately 33% larger than the original binary data. This is the trade-off for text-safe transmission.
Why do we use Base64?
Many systems in computing were designed to handle text only. Binary data can contain byte values that these systems interpret as control characters, causing corruption or failures. Base64 solves this by converting binary data into a safe, predictable set of ASCII characters.
The 64 characters chosen are:
- Common to virtually all character encodings
- Printable and human-readable
- Unlikely to be modified by text-based systems (unlike raw binary)
- Safe in URLs, JSON, XML, and email headers
Common use cases
Data URIs
Embed images, fonts, or other files directly in HTML and CSS using data:image/png;base64,... URIs. Reduces HTTP requests for small assets.
Email Attachments (MIME)
Email protocols were designed for text. Base64 encodes binary attachments so they survive transit through email servers unchanged.
API Payloads & JSON
JSON cannot hold raw binary. Base64 encodes binary data into a string so it can be sent as part of a REST API request or response.
JWTs (JSON Web Tokens)
JWT payloads use Base64URL encoding to safely include claims, signatures, and headers in URLs and HTTP Authorization headers.
Basic Authentication
HTTP Basic Auth encodes username:password as Base64 in the Authorization header.
Local Storage
Store binary data (like user-uploaded images) in browser localStorage by Base64-encoding it first.
Base64 vs Base64URL
Standard Base64 uses + and / as the last two characters, and = for padding. But these characters have special meanings in URLs:
+is interpreted as a space in URLs/is a path separator=is used for query parameters
Base64URL (RFC 4648 §5) replaces + with - and / with _, and the padding = is often omitted. This makes it safe for use in URLs, file names, and JWT tokens. Our Base64 tool supports both variants automatically.
| Feature | Standard Base64 | Base64URL |
|---|---|---|
| Characters 62-63 | + / | - _ |
| Padding | = (required) | = (optional, often omitted) |
| URL Safe | No - needs percent-encoding | Yes - URL-ready |
| Common in | Email, data URIs, file storage | JWTs, OAuth tokens, URL params |
Is Base64 encryption?
No. Base64 is NOT encryption. It provides zero security. Anyone can decode a Base64 string back to its original form - there is no key, no password, and no secret involved. Base64 is an encoding, not an encryption algorithm.
Warning: Never rely on Base64 to protect sensitive data. Use proper encryption (AES, RSA, etc.) for security. Base64 only makes data text-safe - it does not hide it.