Why is it called Base64?

Because it uses a 64-character alphabet. Just like decimal is base-10 (10 digits) and hexadecimal is base-16 (16 characters), Base64 uses 64 characters. Each Base64 character represents 6 bits of data (2 to the 6th power = 64).

Is Base64 encoding the same as encryption?

No. Base64 is reversible by anyone. It provides zero security. Encryption requires a key to reverse. Base64 is for data format compatibility, not confidentiality.

Does Base64 make data larger?

Yes. Base64 increases size by about 33%. Every 3 bytes of input become 4 bytes of Base64 output. This overhead is the trade-off for having a text-safe representation of binary data.

When should I NOT use Base64?

Do not use Base64 for security (use encryption instead), for large files in HTML (use regular file hosting), or when the transport layer already handles binary (like HTTP file uploads). Base64 adds size overhead with no benefit in those cases.

What is URL-safe Base64?

Standard Base64 uses + and / which have special meaning in URLs. URL-safe Base64 replaces + with - and / with _ to avoid conflicts. JWTs use URL-safe Base64.

What Is Base64 Encoding? How It Works, When to Use It

Q: What is Base64 encoding?

Base64 is a method of representing binary data as ASCII text using 64 characters (A-Z, a-z, 0-9, +, /). It was designed so binary data could be safely transmitted through systems that only handle text, like email and JSON.

Last updated: April 20269 min readEncode/Decode Tools

Base64 is a way to represent any data as plain text. It converts bytes into a string of letters, numbers, plus signs, and slashes. It exists because many systems (email, JSON, XML, URLs) were designed for text only and choke on raw binary data.

The Problem Base64 Solves

Imagine you need to send an image through email. Email was designed in the 1970s for ASCII text. Raw binary bytes (the image file) would confuse or corrupt the email system. Solution: convert the binary to text characters that every email system can handle. That is what Base64 does.

The same problem appears in JSON payloads, XML documents, URL query strings, and configuration files. Whenever you need to stuff binary data into a text-only channel, Base64 is the standard answer.

How the Algorithm Works

Base64 operates on groups of 3 bytes (24 bits) at a time:

Take 3 bytes of input (24 bits total)
Split into four 6-bit groups
Map each 6-bit value (0-63) to a character from the Base64 alphabet
If the input length is not divisible by 3, pad with = signs

The Base64 alphabet:

Values	Characters
0-25	A-Z (uppercase letters)
26-51	a-z (lowercase letters)
52-61	0-9 (digits)
62	+
63	/
padding	=

6 bits per character means each character carries exactly 6 bits of information. Since 1 byte = 8 bits, encoding 3 bytes (24 bits) produces 4 Base64 characters (24 bits). This is why the output is always exactly 33% larger than the input.

Step-by-Step Example

Encode "Cat" to Base64:

ASCII values: C=67, a=97, t=116
Binary: 01000011 01100001 01110100
Split into 6-bit groups: 010000 110110 000101 110100
Decimal values: 16, 54, 5, 52
Map to Base64: Q, 2, F, 0

Result: "Cat" → "Q2F0"

Try it yourself with the Base64 encoder.

Padding Explained

Base64 processes 3 bytes at a time. When the input is not divisible by 3:

1 leftover byte: Produces 2 Base64 characters + "==" (two padding)
2 leftover bytes: Produces 3 Base64 characters + "=" (one padding)
0 leftover: No padding needed

The padding tells the decoder how many bytes were in the final group.

Where You Encounter Base64

Email (MIME): Attachments and non-ASCII email bodies are Base64-encoded
JSON APIs: Binary data (files, images) embedded in JSON responses
JWTs: JSON Web Tokens are three Base64url-encoded segments
Data URIs: Inline images/fonts in HTML/CSS (data:image/png;base64,...)
Kubernetes: Secrets stored as Base64 strings
HTTP Basic Auth: username:password encoded as Base64 in the Authorization header
Git: Binary diffs and patch files often contain Base64 segments

Base64 vs Other Encodings

Encoding	Characters Used	Size Overhead	Use Case
Base64	A-Z, a-z, 0-9, +, /	~33%	Binary data in text channels
Hex	0-9, A-F	100%	Debug output, hash display
URL encoding	Original + %XX	Varies	Making strings URL-safe
HTML entities	Original + &name;	Varies	Escaping HTML special chars

Hex encoding is simpler (each byte = 2 hex characters) but doubles the size. Base64 is more efficient (33% overhead vs 100%) which is why it became the standard for bulk data encoding.

Base64 Is NOT Security

This point cannot be overstated. Base64 is encoding, not encryption. Anyone with a decoder (including our free tool) can reverse it instantly. If you see credentials, tokens, or sensitive data encoded in Base64 and nothing else, that data is effectively in plain text.

For actual security, encrypt first, then Base64-encode if needed for transport.

URL-Safe Base64

Standard Base64 uses + and / which have special meanings in URLs. URL-safe Base64 (also called Base64url) replaces + with - and / with _ to avoid conflicts. JWTs use this variant. Most decoders handle both, but if you get decoding errors, check which variant is being used.

Explore more encoding tools: URL Encoder, HTML Entity Encoder, Number Base Converter for binary/hex/decimal.

What Is Base64 Encoding? How It Works, When to Use It

The Problem Base64 Solves

How the Algorithm Works

Step-by-Step Example

Padding Explained

Where You Encounter Base64

Base64 vs Other Encodings

Base64 Is NOT Security

URL-Safe Base64

Related Posts

Base64 Decoder

Base64 Encoder

5 Real Use Cases

Number Base Converter