Base64 is an encoding scheme that converts binary data into a string of printable ASCII characters. It was designed to allow binary content — like images, files, or cryptographic keys — to be safely transmitted over systems that only handle text, such as email protocols, JSON APIs, and HTML attributes.
Why Base64 Exists
Many data transfer protocols were originally designed for plain text. When you try to send raw binary data through them, certain byte sequences can be misinterpreted as control characters, causing the data to become corrupted in transit.
Base64 solves this by representing any binary data using only 64 safe characters: A–Z, a–z, 0–9, +, and /. Because all 64 characters are printable and unambiguous across different systems, the encoded output can travel through any text-based channel without corruption.
How Base64 Encoding Works
Base64 operates on groups of 3 bytes (24 bits) at a time, splitting them into four 6-bit groups. Each 6-bit value (0–63) maps to one of the 64 characters in the Base64 alphabet.
Input: M a n
Binary: 01001101 01100001 01101110
Groups: 010011 010110 000101 101110
Base64: T W F u
Output: TWFu
If the input length isn't a multiple of 3, the output is padded with one or two = characters to maintain the 4-character block structure.
Base64 Is Not Encryption
A common misconception is that Base64 provides security or obscures data. It does not. Base64 is purely an encoding — it is completely reversible by anyone, with no key or password required. Decoding a Base64 string is a one-step operation.
If you need to protect data, you need encryption (AES, RSA, etc.), not Base64.
Common Uses of Base64
Data URLs embed images and other files directly in HTML or CSS, avoiding a separate network request:
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUh..." />
Email attachments are encoded in Base64 by the MIME standard so binary files can travel through email servers that only process ASCII text.
API payloads often use Base64 to transmit binary data inside JSON, since JSON strings cannot contain raw binary bytes.
Basic authentication encodes credentials as Base64 in HTTP headers:
Authorization: Basic dXNlcjpwYXNzd29yZA==
(This is the Base64 encoding of user:password — again, not encrypted, just encoded.)
Cryptographic keys and certificates (PEM format) are Base64-encoded binary data wrapped in -----BEGIN... headers.
Base64 Size Overhead
Base64 increases data size by approximately 33%. Every 3 bytes of input become 4 characters of output. A 1 MB file encoded in Base64 becomes about 1.37 MB.
This overhead is usually acceptable when the alternative is data corruption, but it's worth considering when embedding large images as data URLs — at some point a separate file request is more efficient.
Variants: URL-Safe Base64
Standard Base64 uses + and /, which have special meaning in URLs. URL-safe Base64 replaces them with - and _, making the output safe to include in query strings and path segments without percent-encoding.
You'll see URL-safe Base64 commonly used in JWTs, OAuth tokens, and other web authentication standards.
Encoding and Decoding
To encode or decode a Base64 string directly in your browser, use the Base64 Encoder / Decoder. For encoding entire files to Base64 (or decoding a Base64 string back to a downloadable file), use the Base64 File Encoder.