Base64 Converter

Encode text to Base64 or decode Base64 to text.

Understanding Base64 Encoding

Base64 is a binary-to-text encoding scheme defined in RFC 4648 that represents binary data using a set of 64 printable ASCII characters. The algorithm works by taking every three bytes (24 bits) of input data and splitting them into four groups of 6 bits each. Each 6-bit group is then mapped to one of 64 characters in the Base64 alphabet: uppercase letters A-Z (indices 0-25), lowercase letters a-z (indices 26-51), digits 0-9 (indices 52-61), and the symbols + (index 62) and / (index 63). When the input length is not evenly divisible by three, the output is padded with one or two = characters to maintain the 4-character block alignment.

The fundamental purpose of Base64 is to safely transmit binary data over channels that were originally designed to handle only ASCII text. In the early days of the internet, protocols like SMTP (email) and HTTP headers could only reliably transport 7-bit ASCII characters. Binary files such as images, executables, and compressed archives contain byte values above 127 and control characters that would be corrupted or misinterpreted during transmission. Base64 solves this problem by encoding all binary content into a safe subset of ASCII, at the cost of a predictable 33% increase in data size (three input bytes become four output characters).

Despite the overhead, Base64 remains indispensable in modern computing. Every email attachment you send is Base64-encoded using the MIME standard. Every JWT (JSON Web Token) you encounter in authentication flows contains Base64url-encoded header and payload segments. Even inline images in HTML and CSS use Base64-encoded data URIs to eliminate additional HTTP requests. Understanding how Base64 works is essential for any developer working with APIs, authentication systems, or data serialization.

Where Base64 is Used

  • Email Attachments (MIME): SMTP transmits only 7-bit ASCII. MIME encodes binary attachments like images and PDFs in Base64 so they survive mail server relay chains intact.
  • Data URIs in HTML/CSS: Embedding small images directly in markup as data:image/png;base64,... eliminates extra HTTP requests and can improve page load performance for icons and sprites.
  • HTTP Basic Authentication: The Authorization header encodes the username:password pair as a Base64 string. While not encryption, it satisfies the ASCII-only constraint of HTTP headers.
  • JSON Web Tokens (JWT): The header and payload sections of a JWT are Base64url-encoded JSON objects, enabling compact, URL-safe token transmission between client and server.
  • Embedding Images in APIs: REST and GraphQL APIs that need to accept or return image data inline often use Base64-encoded strings within JSON payloads.

Base64 Variants

  • Standard (RFC 4648): Uses the classic 64-character alphabet with + and / as indices 62 and 63, and = for padding. This is the default for most libraries.
  • URL-Safe (Base64url): Replaces + with - and / with _ to avoid conflicts with URL query parameters and path segments. Padding is often omitted.
  • MIME (RFC 2045): Identical alphabet to standard Base64, but inserts a line break (CRLF) every 76 characters. This variant is used in email attachments to comply with SMTP line length limits.
  • Filename-Safe: A variant that avoids characters illegal in filenames on most operating systems. It typically mirrors URL-safe encoding and is used when Base64 strings must serve as file or directory names.

Base64 in Web Development

In front-end development, data URIs are the most visible application of Base64. By embedding a Base64-encoded image directly in an <img> tag's src attribute or a CSS background-image property, developers can reduce the number of HTTP requests a page makes during initial load. This technique is most effective for small assets under 10 KB, such as icons, logos, and SVG fallbacks, where the overhead of an additional network round-trip exceeds the 33% size increase of Base64 encoding. Build tools like Webpack and Vite can automatically inline assets below a configurable size threshold.

On the back end, Base64 is essential for API authentication. The HTTP Basic Authentication scheme requires the client to send an Authorization: Basic <credentials> header, where <credentials> is the Base64-encoded concatenation of username, a colon, and the password. While this is encoding and not encryption (the credentials can be trivially decoded), it satisfies the ASCII constraint of HTTP headers and is considered secure when used over HTTPS. Similarly, OAuth 2.0 client credentials flows often Base64-encode the client ID and secret for the token request.

Base64 also plays a key role in storing binary data in JSON. Since JSON only supports text strings, any binary content such as images, certificates, or encrypted blobs must be Base64-encoded before embedding in a JSON payload. WebSocket connections that need to transmit binary frames alongside JSON messages frequently use Base64 as an encoding layer. When working with Web Crypto API operations, cryptographic keys and initialization vectors are often exported and imported as Base64 strings for portability between systems.

Base64 Character Map Reference

The Base64 alphabet maps each 6-bit value (0-63) to a specific printable ASCII character:

Index Range Characters Description
0-25A B C ... X Y ZUppercase Latin letters
26-51a b c ... x y zLowercase Latin letters
52-610 1 2 ... 7 8 9Decimal digits
62+ (standard) / - (URL-safe)62nd character varies by variant
63/ (standard) / _ (URL-safe)63rd character varies by variant
Pad=Padding character to align output to 4-byte blocks

Frequently Asked Questions

Why does Base64 increase size by 33%?

Base64 converts every 3 bytes of input (24 bits) into 4 ASCII characters (32 bits). This 4/3 ratio means the output is always approximately 33% larger than the input. The overhead exists because each output character uses only 6 of its 8 available bits to represent data, with the remaining 2 bits ensuring the character falls within the safe printable ASCII range. Additional padding characters may add a few extra bytes.

What is URL-safe Base64?

URL-safe Base64 (also called Base64url) replaces the + character with - and the / character with _. Standard Base64 uses characters that have special meaning in URLs: + represents a space in query strings, and / is a path separator. Base64url avoids these conflicts, making it ideal for JWT tokens, URL parameters, and filenames. Padding with = is typically omitted in this variant.

Can Base64 be used for encryption?

No. Base64 is an encoding scheme, not an encryption algorithm. It provides no security whatsoever because the transformation is trivially reversible by anyone. Any Base64 string can be decoded back to its original form without a key. If you need to protect sensitive data, use proper encryption algorithms like AES-256 or RSA. Base64 is frequently used to encode already encrypted data for safe transport, but the encoding itself adds no cryptographic protection.

What are data URIs?

A data URI (Uniform Resource Identifier) embeds file content directly within a document using the data: scheme. The format is data:[mediatype][;base64],<data>. For example, a small PNG image can be embedded as data:image/png;base64,iVBOR.... Data URIs eliminate the need for a separate HTTP request to fetch the resource, improving perceived load time for small assets. They are commonly used for CSS background images, favicons, and inline SVG sprites.