Base64 is a binary-to-text encoding scheme that converts binary data into a string of 64 ASCII characters. It was originally designed for email (MIME) to safely transmit binary attachments through text-only protocols. Today Base64 is everywhere: data URIs, JWT tokens, API authentication headers, and embedding images in HTML/CSS.
How Base64 Encoding Works
The algorithm processes input in 3-byte (24-bit) blocks:
- Take 3 bytes of input (24 bits total).
- Split into four 6-bit groups.
- Map each 6-bit value (0-63) to a character in the Base64 alphabet:
A-Z(0-25),a-z(26-51),0-9(52-61),+(62),/(63). - If the input length is not divisible by 3, pad with
=characters.
Example: The text "Hi" (2 bytes: 0x48 0x69) becomes "SGk=" — the = indicates one byte of padding.
Size Overhead
Base64 always increases data size by approximately 33% (4 output bytes for every 3 input bytes). A 1 MB file becomes ~1.33 MB when Base64-encoded. This is the fundamental trade-off: safety in text channels versus increased size.
Base64 Variants
| Variant | Characters 62-63 | Padding | Use Case |
|---|---|---|---|
| Standard (RFC 4648) | + / | = | Email, general encoding |
| URL-safe (RFC 4648 §5) | - _ | Optional | URLs, filenames, JWT |
| MIME (RFC 2045) | + / | = | Email attachments (line-wrapped at 76 chars) |
URL-safe Base64 replaces + and / with - and _ because the standard characters have special meaning in URLs.
Common Use Cases
- Data URIs: Embed small images directly in HTML/CSS:
<img src="data:image/png;base64,iVBOR...">. Eliminates an HTTP request but increases HTML size by 33%. - JWT Tokens: JSON Web Tokens encode their header and payload as URL-safe Base64 (base64url). The three parts (header.payload.signature) are each Base64-encoded.
- HTTP Basic Auth: The Authorization header encodes
username:passwordas Base64:Authorization: Basic dXNlcjpwYXNz. - Email Attachments: MIME uses Base64 to encode binary attachments for safe transport through text-based email protocols (SMTP).
- API Payloads: When you need to send binary data (images, files) inside JSON, Base64-encode it into a string field.
When NOT to Use Base64
- Base64 is not encryption. It is trivially reversible by anyone. Never use it to "hide" sensitive data.
- Large files: The 33% overhead makes Base64 inefficient for large binary transfers. Use multipart form data or binary protocols instead.
- Large data URIs: Embedding images over 5-10 KB as data URIs can hurt page performance more than a separate HTTP/2 request.
Encode and decode Base64 instantly with the WizlyTools Base64 Converter.