What Is Base64? A Plain-English Explanation

Base64 is a binary-to-text encoding scheme that converts binary data into a safe ASCII string. Learn what it is, why it exists, how it works, and where you'll encounter it as a developer.

Base64 Explained Simply

Base64 is a way to represent arbitrary binary data (images, files, bytes) using only 64 printable ASCII characters โ€” Aโ€“Z, aโ€“z, 0โ€“9, +, and /. It exists because many systems that handle text (email, URLs, JSON, HTML) can't safely transmit raw binary data without corrupting it.

  • What it solves: Safely embed binary data (images, files, keys) in text-based protocols
  • How it works: Every 3 bytes of input become 4 Base64 characters โ€” a 33% size increase
  • The alphabet: 64 characters: Aโ€“Z (26) + aโ€“z (26) + 0โ€“9 (10) + +/ (2) = 64
  • Padding: = characters at the end pad the output to a multiple of 4
Encode / Decode Base64 โ†’

Where You See Base64 as a Developer

  • HTTP Basic Auth: Authorization: Basic dXNlcjpwYXNz โ€” the credentials are Base64-encoded username:password. It's encoding, not encryption โ€” anyone can decode it
  • JWT tokens: The three sections of a JWT (header.payload.signature) are Base64url-encoded. You can decode the header and payload without any key
  • Data URIs in HTML/CSS: <img src="data:image/png;base64,iVBOR..."> โ€” embeds an image directly in the HTML without a separate file request
  • Email attachments (MIME): Email was designed for ASCII text โ€” Base64 is how attachments are embedded in email messages
  • Cryptographic keys and certificates: PEM files (-----BEGIN CERTIFICATE-----) are Base64-encoded DER format. X.509 certificates, SSH keys, and TLS certificates all use this format
  • API payloads: Some APIs accept images, PDFs, or binary data as Base64 strings in JSON request bodies

Base64 vs. Base64url

  • Standard Base64: Uses + and / as the 63rd and 64th characters โ€” not safe in URLs because + means space and / is a path separator
  • Base64url: Replaces + with - and / with _ โ€” URL and filename safe. Used in JWTs, OAuth tokens, and anywhere the encoded string appears in a URL
  • Padding optional in Base64url: The = padding is often omitted in Base64url contexts (like JWTs) since it can be inferred from the string length
  • Detecting which one: If you see - or _ in what looks like Base64, it's Base64url. Standard Base64 only uses + and /

Frequently Asked Questions

Is Base64 a form of encryption?

No โ€” Base64 is encoding, not encryption. Anyone can decode a Base64 string without any key. It provides no security or confidentiality. HTTP Basic Auth credentials in Base64 are trivially reversible. The purpose of Base64 is safe transmission of binary data through text-only channels, not security. For encryption, use AES, RSA, or other proper cryptographic algorithms.

Why does Base64 increase file size by 33%?

Base64 encodes 3 bytes (24 bits) into 4 ASCII characters (32 bits). The ratio is 4/3 = 1.333... โ€” a 33% overhead. This is unavoidable given the encoding scheme: 64 characters represent 6 bits each (2^6 = 64), while a byte is 8 bits. Three bytes = 24 bits = four 6-bit groups = four Base64 characters. The = padding adds a few more characters when the input isn't divisible by 3.

How do I encode and decode Base64 in code?

JavaScript (browser): btoa("hello") โ†’ "aGVsbG8=" and atob("aGVsbG8=") โ†’ "hello". For binary data, use Buffer.from(data).toString('base64') in Node.js. Python: import base64; base64.b64encode(b"hello") and base64.b64decode("aGVsbG8="). Go: base64.StdEncoding.EncodeToString([]byte("hello")). Command line: echo -n "hello" | base64 and echo "aGVsbG8=" | base64 --decode.

Related Tools

Explore similar tools to solve related tasks faster.

More "what is base64" Variants

Explore closely related intent pages that open the same workflow.