help / base64

Base64 Encoding: Complete Guide

Base64 is a binary-to-text encoding scheme that converts binary data into a string of printable ASCII characters. It is not a compression algorithm or encryption method — it is purely a way to represent binary data in a form that can be safely transported through text-based systems.

How Base64 encoding works

Base64 operates on groups of 3 bytes (24 bits) at a time. Each group is split into four 6-bit chunks. Because 2⁶ = 64, each 6-bit chunk can be mapped to one of 64 printable characters: A–Z (indices 0–25), a–z (26–51), 0–9 (52–61), + (62), and / (63).

When the input length is not a multiple of three, one or two = characters are appended as padding to keep the output length a multiple of four. The output is always 33% larger than the input.

Encoding example step by step

Encoding the string Man:

  • ASCII bytes: 77 (M), 97 (a), 110 (n)
  • Binary: 01001101 01100001 01101110
  • Split into 6-bit groups: 010011 010110 000101 101110
  • Decimal values: 19, 22, 5, 46
  • Base64 characters: T W F u
  • Result: TWFu

Base64 variants

Standard Base64 uses + and / as the 62nd and 63rd characters, with = padding. This is defined in RFC 4648 and is the most common variant.

Base64URL replaces + with - and / with _, and typically omits = padding. This makes the output safe for use in URL query parameters and HTTP headers without percent-encoding. Used in JWTs (JSON Web Tokens) and OAuth.

MIME Base64 (RFC 2045) adds a line break after every 76 characters. Used in email attachments to comply with SMTP line-length limits.

When to use Base64

  • Embedding binary data in JSON, XML, or HTML (data URIs for images and fonts).
  • Transmitting binary content through systems that only handle text (email attachments via MIME).
  • Encoding credentials in HTTP Basic Authentication headers (Authorization: Basic base64(user:pass)).
  • Encoding binary tokens for use in JWT tokens, API keys, or session cookies.

When NOT to use Base64

Do not use Base64 as security or obfuscation. It is trivially reversible by anyone with access to the string. Do not use it to encode large binary files served directly to browsers — the 33% size overhead is significant, and HTTP already handles binary content efficiently. Do not store Base64-encoded passwords — hash passwords with bcrypt, scrypt, or Argon2 instead.

Try it now → Use the Base64 Encoder to encode or decode Base64 instantly in your browser. All processing is client-side.