1. What Is Base64 Encoding?
Base64 is a binary-to-text encoding scheme that converts arbitrary binary data into a safe, printable ASCII string. It was standardized in RFC 2045 (originally for MIME email attachments) and is now ubiquitous across the web — used in JWTs, HTTP Basic Auth, embedded images, API credentials, and file transfer systems.
A Base64-encoded string uses only 64 characters: A–Z, a–z, 0–9, +, and / — plus = padding. Because every character in this set is safe in ASCII, JSON, XML, and URL contexts (with minimal encoding), Base64 is the universal "safe transit" format for binary data.
💡 Key Insight: Base64 is not encryption. It is purely encoding — anyone who receives Base64 data can decode it instantly. Never use Base64 to hide sensitive data.
2. Why 64 Characters?
Each Base64 character represents exactly 6 bits of the input binary data (2⁶ = 64 possible values). Since a standard byte is 8 bits, every 3 input bytes (24 bits) maps to 4 Base64 characters (4 × 6 = 24 bits). This gives Base64 its characteristic ~33% size overhead — a 3 KB file becomes roughly 4 KB when Base64 encoded.
3. How Base64 Works Step by Step
- Take the raw bytes of your input (text, file, image)
- Group into 3-byte chunks (24 bits each)
- Split each chunk into four 6-bit groups
- Map each 6-bit value to its corresponding Base64 character using the lookup table
- Add = padding if the input length is not divisible by 3
For example, the ASCII string Man encodes to TWFu in Base64.
4. Where Base64 Is Used in Practice
JWT Tokens
JSON Web Tokens consist of three Base64URL-encoded parts: header, payload, and signature, separated by dots. You can decode the header and payload of any JWT instantly — they are not encrypted, only Base64-encoded. Use our JWT Decoder tool to inspect the claims of any token in your browser.
HTML Embedded Images
Small images can be embedded directly into HTML or CSS as Base64 data URIs to eliminate the extra HTTP request: <img src="data:image/png;base64,iVBORw0...">. This is useful for tiny icons in email templates or critical-path CSS backgrounds.
HTTP Basic Authentication
The Authorization header in Basic Auth is just username:password Base64-encoded: Authorization: Basic dXNlcjpwYXNz. Decoding that reveals the credentials in plain text — another reminder that Base64 is not security.
🔄 Encode or Decode Base64 Instantly
Paste any text, file, or JWT — decode or encode in real time, 100% in your browser.
Open Base64 Tool →5. Base64 vs Binary — When to Use Which
- Use raw binary when sending files via multipart form POST or streaming large assets (images, PDFs) — no overhead
- Use Base64 when the transport medium only supports text — JSON bodies, XML fields, email attachments, HTTP headers
- Use Base64URL (replaces
+→-and/→_) in JWTs and URL query parameters where+and/are reserved
6. Decode a JWT Token Using Base64
Every JWT is three Base64URL segments. Take any JWT like eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ..., split on the dots, and decode each segment:
- Segment 1 = Header — contains the algorithm and token type
- Segment 2 = Payload — contains the claims (sub, iat, exp, roles, etc.)
- Segment 3 = Signature — a keyed HMAC, cannot be decoded without the secret
Our JWT Decoder tool does this automatically — paste a token and see all claims formatted as readable JSON instantly.