Encoding and decoding Base64 for secure data transmission
Base64 is a binary-to-text encoding scheme that represents raw bytes using only 64 printable ASCII characters: A–Z, a–z, 0–9, plus, and slash. This makes it ideal for transmitting binary data (images, files, certificates) over text-only channels like email, JSON APIs, and HTTP headers. When you see a Data URL for an embedded image in HTML—data:image/png;base64,iVBORw0K...—that's Base64 encoding. Similarly, HTTPS certificates, API authentication tokens, and file uploads often use Base64 under the hood. It's not encryption (it's reversible with no key), but it ensures data survives transport across ASCII-only systems.
This tool converts between plain text and Base64 instantly. Encode transforms readable text into a longer, encoded form safe for any transport layer. Decode reverses it, recovering the original. The process is lossless—no information is lost, but the encoded output takes about 33% more space due to the 64-character alphabet limitation. Understanding Base64 is essential for web developers working with APIs, authentication, file handling, and embedded assets.
How Base64 encoding works
- Binary grouping: Input text is converted to binary. Every 3 bytes (24 bits) are grouped and split into 4 6-bit chunks.
- Character mapping:Each 6-bit chunk maps to one of 64 characters: A–Z (0–25), a–z (26–51), 0–9 (52–61), "+" (62), "/" (63).
- Padding:If input isn't a multiple of 3 bytes, padding characters ("=") are added to make the output length a multiple of 4.
- Decoding reversal: Reverse the process: map each Base64 character back to 6 bits, group into bytes, and convert back to text or binary.
- Space efficiency trade-off: Base64 output is ~33% larger than input because 3 bytes become 4 characters. This is the cost of using only printable ASCII.
Common Base64 use cases
- Data URLs in HTML. Embed images directly in CSS or HTML without external files:
<img src="data:image/png;base64,..."> - Authentication headers. API keys and credentials are Base64-encoded for HTTP Basic Auth:
Authorization: Basic dXNlcjpwYXNz - JSON file attachments. Encode file contents to Base64 and embed them in JSON payloads, avoiding binary-over-text issues.
- SSL/TLS certificates and keys. PEM format wraps Base64-encoded certificate data with header/footer lines for compatibility.
- Email attachments and MIME. MIME bodies encode binary attachments as Base64 so they survive email transport without corruption.
Frequently asked questions
Is Base64 encryption or just encoding?
It's purely encoding—anyone can decode it without a key. Base64 is not secure for sensitive data like passwords. Use actual encryption (AES, RSA) for security; use Base64 only to make binary data transportable over text channels.
Why is my Base64 output padded with equals signs?
Padding ensures the output length is a multiple of 4. If input bytes don't divide evenly by 3, one or two "=" characters are appended. This is part of the Base64 spec and must be preserved for correct decoding.
Can I encode binary files?
This tool handles text input. For binary files (images, PDFs), the browser reads files as text, which works for Base64 encoding. For full binary file support, use command-line tools like base64 on Linux or certutil on Windows.
Is my data stored or logged?
No. All encoding and decoding happens in your browser. Nothing is sent to a server or stored. You can safely encode API keys, tokens, or other sensitive information without privacy concerns.