Base64 Encoder/Decoder

Every time an email attachment travels through SMTP, every time a JWT token authenticates an API request, every time a small image is embedded directly in a CSS file, Base64 encoding is at work — silently translating binary data that would break text-based protocols into a safe 64-character ASCII subset that travels without corruption through any text channel. The calculator for Base64 encoding and decoding converts between plaintext or binary data and its Base64 representation, and provides the file size impact analysis that helps developers make encoding decisions intelligently.

How Base64 Works: The Encoding Algorithm

Base64 represents binary data using only 64 printable ASCII characters: A–Z (26), a–z (26), 0–9 (10), + and / (2), with = as padding. The algorithm:

1. Take 3 bytes (24 bits) of input data at a time
2. Split into four 6-bit groups (24 bits ÷ 6 = 4 groups)
3. Each 6-bit value (0–63) maps to one Base64 character via the Base64 alphabet table
4. If the input is not divisible by 3, pad with one or two = characters

The encoding ratio: 3 bytes of input → 4 Base64 characters of output, creating a 33.3% size overhead. A 1 MB image becomes approximately 1.37 MB when Base64 encoded. Use this online calculator for any text or data string. The URL encoder/decoder handles percent-encoding for URL-safe data transmission.

Base64 Applications Across Protocols

Base64 is embedded in protocols that predate the widespread adoption of binary-safe data channels:

• MIME email encoding: SMTP was designed for 7-bit ASCII; attachments are Base64-encoded to prevent corruption of binary content (PDFs, images, executables) during email transit through legacy systems
• HTTP Basic Authentication: credentials "username:password" are Base64-encoded in the Authorization header — note that Base64 is encoding, not encryption; HTTPS is required for security
• JSON Web Tokens (JWT): the header and payload sections are Base64URL-encoded (URL-safe variant using - and _ instead of + and /); the signature section uses Base64URL over the HMAC or RSA signature of the header and payload
• Data URLs: embedding binary assets directly in HTML/CSS: data:image/png;base64,[encoded_data] — useful for small icons and images that benefit from being inline rather than requiring a separate HTTP request
• SSH key transport: the public key content in SSH authorized_keys files is Base64-encoded binary key data

Base64 vs. Base64URL: The URL-Safe Variant

Standard Base64 uses + and / characters that have special meaning in URLs and query strings. Base64URL (RFC 4648 §5) substitutes - for + and _ for /, making the encoded string URL-safe without requiring percent-encoding. The = padding may also be omitted. JWT tokens use Base64URL exclusively; API authentication tokens typically use Base64URL for tokens that appear in URL paths or query parameters. Always verify which variant is required when implementing authentication or token systems — using standard Base64 where Base64URL is required will cause authentication failures that can be difficult to diagnose. The ASCII converter (tech) and text transformation calculators provide complementary encoding and character set tools.

Security Considerations: Base64 Is Not Encryption

A persistent and dangerous misconception: Base64 encoding provides zero security. The encoding is fully reversible by anyone with a Base64 decoder (including every major programming language, browser DevTools, and countless online tools). Passwords, API keys, and sensitive data encoded in Base64 are as exposed as plaintext to anyone who intercepts or accesses the encoded string. The appropriate security measures are: encryption (AES, RSA) for data at rest; TLS/HTTPS for data in transit; proper secret management (AWS Secrets Manager, HashiCorp Vault) for credentials. Base64 encoding in HTTP Basic Auth headers is only safe because HTTPS encrypts the entire header — never use Base64 over HTTP for credentials. Understanding this distinction prevents the security failures that occur when developers mistake "encoded" for "protected."