Fundamentals

Base64 Encoding Explained: How It Works & When To Use It

7 min read
January 23, 2026
base64 encode, what is base64, base64 vs text

You see it in email headers, data URLs, and API tokens. Base64 is one of the most common encoding schemes on the web, but it is often misunderstood.

Is it encryption? (No.) Does it save space? (Also no.) This guide explains exactly how Base64 works and why it remains essential for modern web development.

What is Base64?#

Base64 is a way to represent binary data (like images, PDFs, or compiled code) using only ASCII text characters.

Computers communicate in binary (0s and 1s), but many older protocols (like Email/SMTP) were designed to only handle text. If you try to send a raw JPEG image through a text-only channel, the system will interpret the storage bytes as random characters, likely breaking the transfer.

Base64 solves this by translating that binary data into a safe alphabet of 64 characters: A-Z, a-z, 0-9, +, and /.

How It Works (The Math)#

The process is simple but clever:

  1. Take 3 bytes of binary data (24 bits total).
  2. Split those 24 bits into 4 groups of 6 bits each.
  3. Map each 6-bit value (0-63) to a character in the Base64 alphabet.

Because you are turning 3 bytes into 4 characters, Base64 increases file size by roughly 33%.

encoding-example.txttext
Input:  "Man" (ASCII)
Binary: 01001101 01100001 01101110 (3 bytes)
Joined: 010011010110000101101110 (24 bits)
Split:  010011 010110 000101 101110 (4 x 6 bits)
Value:  19     22     5      46
Char:   T      W      F      u
Result: "TWFu"

Common Use Cases#

1. Data URLs (Images in HTML):
You can embed small images directly into HTML/CSS to save an HTTP request.

2. Email Attachments:
Email systems use MIME (Multipurpose Internet Mail Extensions) which relies on Base64 to attach photos and documents to text emails.

3. API Keys & Basic Auth:
The Authorization: Basic header typically contains username:password encoded in Base64.

Warning: It Is NOT Encryption#

Developers often confuse encoding with encryption. Base64 is NOT secure.

  • Encoding (Base64) is for compatibility. It can be reversed by anyone.
  • Encryption (AES, RSA) is for security. It requires a key to reverse.
  • Hashing (MD5, SHA) is for integrity. It cannot be reversed.

Never store passwords in Base64. Use proper hashing like bcrypt or Argon2.

Frequently Asked Questions

Does Base64 compress data?
No! It actually expands data by roughly 33%. 3 bytes of input become 4 bytes of output.
Why does my Base64 string end with "="?
The "=" sign is padding. If the input data length is not divisible by 3, Base64 adds padding characters to complete the final block.
Is Base64 URL safe?
Standard Base64 uses "+" and "/", which can break URLs. A variant called "Base64URL" uses "-" and "_" instead.

Encode or Decode Base64

Need to decode a mysterious string or encode an image for CSS? Use our instant browser-based tool.

Open Base64 Tool

Related Articles

Comparisons

YAML vs JSON vs XML

A comprehensive comparison of YAML, JSON, and XML. Learn their differences, performance considerations, and best use cases for configuration and APIs.

Fundamentals

MD5 vs SHA-256

Understand the difference between MD5, SHA-1, and SHA-256. Learn when to use each hashing algorithm for data integrity vs security.