Documentation

What is Base64 Encoding?

A complete guide to Base64 — how it works, when to use it, and common pitfalls.

How Base64 Works

Base64 converts binary data into a string of printable ASCII characters. It works by taking 3 bytes (24 bits) of binary data and splitting them into 4 groups of 6 bits. Each 6-bit group maps to one of 64 characters: A–Z, a–z,0–9, +, and /.

If the input isn't a multiple of 3 bytes, padding (=) is added to make the output length a multiple of 4.

Example
Input textMan
Binary (ASCII)01001101 01100001 01101110
6-bit groups010011 010110 000101 101110
Base64 outputTWFu

Common Use Cases

HTTP Authorization

Basic Auth credentials (username:password) are Base64-encoded in the Authorization: Basic … header.

Data URIs

Images, fonts, and other binary assets can be embedded directly in HTML and CSS as data:image/png;base64,…

Email Attachments

MIME (the email attachment standard) uses Base64 to encode binary file attachments as ASCII-safe text.

JSON Payloads

JSON only supports Unicode text. Binary data (like images or files) must be Base64-encoded before embedding in a JSON field.

JWT Tokens

JSON Web Tokens use URL-safe Base64 (Base64url) to encode the header, payload, and signature sections.

Cryptographic Keys

Public keys, private keys, and certificates (PEM format) use Base64-wrapped binary data with -----BEGIN …----- headers.

Standard vs. URL-Safe Base64

FeatureStandard Base64URL-Safe Base64
RFCRFC 2045, RFC 4648RFC 4648 §5
Char 62+-
Char 63/_
Padding== (often omitted)
Safe in URLs❌ Must percent-encode✅ No escaping needed
Safe in filenames
Used in JWT

Base64 Is Not Encryption

Base64 encoding provides zero security. Any encoded string can be trivially decoded by anyone with access to it. Never use Base64 to protect passwords, tokens, or sensitive personal data. Use proper cryptographic algorithms (AES-256, bcrypt, Argon2, RSA) for security-sensitive operations.

Frequently Asked Questions