What Is Base64 Encoding?
Base64 is a binary-to-text encoding scheme that converts arbitrary binary data into a string of 64 printable ASCII characters. The 64-character alphabet consists of A–Z (26), a–z (26), 0–9 (10), plus two additional characters — typically + and / in standard Base64. A padding character = is used at the end when the input length isn't divisible by 3.
The reason Base64 exists is historical necessity: many systems designed in the 1970s and 1980s were built to handle only 7-bit ASCII text. Transmitting binary data (images, audio, compressed files) through these systems would corrupt the data because bytes above 127 were interpreted differently by different systems. Base64 solved this by encoding binary data using only the 64 safe printable ASCII characters that every system handles identically.
How Base64 Encoding Works
The process takes 3 bytes of input (24 bits) and converts them to 4 Base64 characters (6 bits each). This is why Base64-encoded output is always approximately 33% larger than the original binary data.
A simple example: encoding the string "Man":
- M = 77 (binary: 01001101), a = 97 (01100001), n = 110 (01101110)
- Combined 24 bits: 010011010110000101101110
- Split into 4 groups of 6: 010011 | 010110 | 000101 | 101110
- Map to Base64 alphabet: 19=T, 22=W, 5=F, 46=u
- Result: TWFu
Decoding reverses the process: each Base64 character maps back to its 6-bit value, groups are recombined into bytes, and the original binary data is recovered.
Where Base64 Is Used
Base64 appears in many common technical contexts:
Email attachments (MIME): The email protocol (SMTP) was originally designed for 7-bit ASCII text. Email attachments — images, PDFs, documents — are Base64-encoded before being embedded in the email message. Your email client decodes them automatically when you open the attachment.
Data URIs in HTML and CSS: You can embed small images directly in HTML or CSS without a separate HTTP request by converting them to Base64 data URIs: <img src="data:image/png;base64,iVBORw0K...">. This is commonly used for small icons and favicons.
API authentication: HTTP Basic Authentication encodes credentials as Base64 in the Authorization header: Authorization: Basic dXNlcjpwYXNz (which decodes to "user:pass"). Note that this is not encryption — anyone can decode it.
JSON Web Tokens (JWT): JWTs consist of three Base64-encoded sections: header, payload, and signature. The payload contains claims (user ID, expiration time, permissions) encoded in Base64. Decoding the payload reveals the token contents.
Storing binary data in text fields: Databases and configuration files designed for text sometimes need to store binary data (encryption keys, certificates, fingerprints). Base64 encoding makes binary data storable as a text string.
SSH keys: The public keys in ~/.ssh/authorized_keys and private keys in ~/.ssh/id_rsa are Base64-encoded binary data wrapped in PEM headers (-----BEGIN RSA PRIVATE KEY-----).
Base64 Is Not Encryption
This is the most important thing to understand about Base64: it provides zero security. Base64 is an encoding — a reversible transformation — not encryption. Anyone with a Base64 decoder (which is built into every browser, operating system, and programming language) can instantly recover the original data.
Do not use Base64 to "hide" passwords, API keys, or sensitive data. If you see Base64-encoded credentials in a repository, they are just as exposed as plain text credentials. Use proper encryption (AES, RSA) or a secrets manager for actual security.
Base64 exists to solve the binary-in-text-channel problem, not the security problem.
Base64 Variants (URL-safe, MIME)
Standard Base64 uses + and / as its two extra characters, which have special meanings in URLs. When Base64 strings are used in URLs (common for JWT tokens and some API parameters), a URL-safe variant replaces these:
+→-(hyphen)/→_(underscore)
URL-safe Base64 (also called Base64url) is the variant used by JWTs, OAuth tokens, and most modern APIs. Online encoders should let you choose between standard and URL-safe variants.
MIME Base64 (used in email) additionally inserts a CRLF line break every 76 characters. This line-wrapped format is what you see inside PEM certificates and email bodies. For most web uses, the no-line-wrap form is preferred.
How to Encode or Decode Base64 Online
A browser-based Base64 tool processes any text or binary string instantly:
- To encode: paste your plain text (or binary string) into the input field, click Encode, and get the Base64 output. Use this to create data URIs, encode credentials, or inspect how a system would represent your data.
- To decode: paste a Base64 string (e.g., from a JWT payload, an API response, or an email header), click Decode, and read the original content. This is the fastest way to inspect what a Base64-encoded token actually contains.
For working with related data formats, combine with the JSON formatter (JWT payloads decode to JSON) and the URL encoder/decoder (URL-safe Base64 is common in query parameters).