What is Base64
Base64 is a binary-to-text encoding scheme that represents binary data as a string of ASCII characters. The name comes from using an alphabet of 64 symbols: A–Z (26), a–z (26), 0–9 (10), + and / (2). Every 3 bytes of binary data are encoded into 4 Base64 characters, increasing data size by ~33%.
How the encoding works
The process takes bytes in groups of 3 (24 bits total) and splits them into 4 groups of 6 bits each. Each 6-bit group represents a number from 0 to 63, mapped to the corresponding character in the Base64 alphabet. If the original data is not a multiple of 3 bytes, padding characters '=' are appended.
Example: the ASCII string "Man" → bytes 77, 97, 110 → binary 010011 010110 000101 101110 → indices 19, 22, 5, 46 → characters T, W, F, u → Base64 "TWFu".
Main use cases
- Email MIME: email attachments are encoded in Base64 for transport over SMTP
- Data URIs: images and fonts embedded directly in HTML/CSS (<img src="data:image/png;base64,...">
- REST APIs: transmitting binary files (images, PDFs) in JSON payloads
- JWT tokens: JWT header and payload are encoded in Base64URL (a variant without + and /)
- X.509 certificates: SSL/TLS certificates are distributed in PEM format (Base64)
Base64 is not encryption
Base64 is an encoding, not encryption. It adds no security whatsoever: anyone can instantly decode a Base64 string knowing only the public standard. Never use Base64 to "hide" sensitive data: use encryption algorithms such as AES-256 or hashing such as SHA-256 for passwords and sensitive data.