What is Base64 encoding?

June 5, 2026 · 14 min read

Base64 is a binary-to-text encoding scheme. It turns arbitrary bytes into a string of 64 printable ASCII characters so you can embed binary data in JSON, XML, email, or URLs without corrupting transport layers that expect text. It does not compress data - in fact, encoded output is roughly 33% larger than the original.

Developers encounter Base64 daily: data URLs in HTML, Basic authentication headers, PEM certificates, and attachment encoding in MIME. Knowing how the alphabet and padding work saves hours when a decoder fails because someone pasted URL-safe variants or stripped trailing = signs.

What Base64 is

Base64 maps every 3 bytes (24 bits) of input to 4 encoded characters (6 bits each). The name comes from the 64 symbols in the alphabet: uppercase A–Z, lowercase a–z, digits 0–9, plus + and /. RFC 4648 standardizes the encoding; earlier variants exist but modern tools follow RFC 4648 unless documented otherwise.

Decoding is the inverse: groups of four characters become three bytes. If the input length is not a multiple of four, padding characters (=) mark how many trailing bytes were implicit in the last quantum.

The 64-character alphabet

Each 6-bit value indexes a character from the standard table. Value 0 is A, value 63 is /. This design keeps output within the printable ASCII range so legacy systems (SMTP, JSON strings) do not choke on null bytes or control characters.

Index:  0-25   26-51  52-61  62  63
Char:   A-Z    a-z    0-9    +   /

Example: "Hi" (0x48 0x69) → "SGk="

How encoding works step by step

Take the UTF-8 bytes of a string - or raw binary from a file - and process them in 3-byte chunks. Each chunk splits into four 6-bit numbers; each number picks one alphabet character. A 1-byte remainder produces two characters plus ==; a 2-byte remainder produces three characters plus =.

// Node.js built-in (browser: btoa only handles Latin1; use a library for UTF-8)
const encoded = Buffer.from("Hello, world!", "utf8").toString("base64");
// "SGVsbG8sIHdvcmxkIQ=="

const decoded = Buffer.from(encoded, "base64").toString("utf8");
// "Hello, world!"

When to use Base64

Use Base64 when a text-only channel must carry binary or when you need a safe string representation for logging and config. Common cases include embedding small images in CSS (data:image/png;base64,...), serializing binary fields in JSON, and wrapping cryptographic keys in PEM format.

APIs that accept only JSON strings for file uploads.
Storing short binary blobs in environment variables or databases without binary column types.
Debugging wire formats where hex dumps are too long but raw bytes break terminals.

What Base64 is not

Base64 is not encryption. Anyone can decode it instantly. It is also not a hash - you cannot verify integrity with encoding alone. For secrets in transit, use TLS; for secrets at rest, use real encryption or hashing depending on the threat model.

For URL query parameters and path segments, standard Base64 is awkward because + and / need escaping. That is why JWT and many web APIs use Base64URL, a sibling encoding with a URL-safe alphabet.

FAQ

Does Base64 encrypt data?: No. Base64 is reversible encoding with a public algorithm. Treat encoded secrets as if they were plain text.
Why is Base64 output longer than the input?: Every 3 bytes become 4 characters, expanding size by about 33%. Padding adds a few extra bytes for non-multiple-of-3 inputs.
Can Base64 represent Unicode text?: Yes, if you encode the UTF-8 bytes of the text. Encoding Unicode code points directly without UTF-8 first is a common mistake.
What is the difference between Base64 and hex?: Both represent binary as text. Hex uses two characters per byte (100% overhead); Base64 is more compact but less human-readable.

Related: Base64URL vs Base64

Browse all tools