I was debugging an email delivery issue last year when I noticed a block of gibberish in the raw message source: SGVsbG8gV29ybGQ=. My first instinct was that something had gone wrong with the encoding. Turns out, nothing was broken — that was Base64 doing exactly what it's supposed to do. If you've ever bumped into these strange-looking strings in URLs, API headers, or JSON payloads and wondered what on earth they are, this article should clear things up. You can also try encoding or decoding strings yourself with our Base64 Encoder / Decoder.
The Problem Base64 Was Built to Solve
Computers handle everything as binary — sequences of 0s and 1s. Text, images, audio files — all binary under the hood. The catch? Many communication channels, particularly older ones like SMTP email, were designed strictly for plain ASCII text. Raw binary data passing through these channels would get mangled, since certain byte values get misinterpreted as control characters.
Base64 sidesteps this problem entirely. It takes any binary data and converts it into a string made up of just 64 safe characters: A-Z, a-z, 0-9, +, /, and = for padding. Every system on the planet can handle these characters without corruption.
The Base64 Alphabet
Here's the full character set. Each character represents a value from 0 to 63:
| Values | Characters | Count |
|---|---|---|
| 0 – 25 | A B C D E ... Z | 26 |
| 26 – 51 | a b c d e ... z | 26 |
| 52 – 61 | 0 1 2 3 4 ... 9 | 10 |
| 62 | + | 1 |
| 63 | / | 1 |
| Padding | = | — |
Some implementations use different characters for 62 and 63. URL-safe Base64, for example, swaps + with - and / with _ so the encoded string works inside URLs without breaking anything.
How the Encoding Process Works, Step by Step
The algorithm is straightforward once you see it done manually. Let's encode the word "Hi":
- Convert each character to its ASCII binary representation. "H" = 72 =
01001000, "i" = 105 =01101001 - Concatenate all bytes into one binary string.
01001000 01101001→0100100001101001 - Pad to a multiple of 6 bits. We have 16 bits. Next multiple of 6 after 16 is 18, so add two zero bits:
010010000110100100 - Split into 6-bit groups.
010010|000110|100100 - Map each group to the Base64 table. 18→S, 6→G, 36→k
- Add padding. Original input was 2 bytes (not divisible by 3), so we add one
=pad.
Final result: SGk=
==. If mod 3 is 2, add =. If mod 3 is 0, no padding needed.
Common Real-World Uses
Base64 pops up in more places than you'd expect. Here are the situations where developers reach for it most often:
| Use Case | Why Base64? | Example |
|---|---|---|
| Email attachments (MIME) | SMTP only supports 7-bit ASCII | PDF attached to an email |
| Data URLs in HTML/CSS | Embed small images without extra HTTP requests | data:image/png;base64,iVBOR... |
| HTTP Basic Auth | Credentials must go in a header (text only) | Authorization: Basic dXNlcjpwYXNz |
| JSON payloads | JSON doesn't natively support binary | Sending a file via REST API |
| Cookies and tokens | Cookies are text-only; JWTs use Base64url | JWT header/payload segments |
| Database storage | TEXT columns can't hold raw binary | Storing small thumbnails in a varchar field |
Base64 Is NOT Encryption — Seriously
I can't stress this enough, because I've seen it in production codebases: people using Base64 to "hide" API keys, passwords, or personal data. Base64 provides zero security. There's no key, no algorithm complexity, nothing. Any developer (or anyone with Google, frankly) can decode a Base64 string in under five seconds. If you need to protect data, use actual encryption — AES-256, for example — and store encryption keys securely.
The Size Cost
Every encoding comes with trade-offs, and Base64's is size. Because you're converting 3 bytes of raw data into 4 Base64 characters, the encoded output is about 33% larger than the original.
| Original Size | Base64 Size | Overhead |
|---|---|---|
| 1 KB | 1.33 KB | +0.33 KB |
| 10 KB | 13.3 KB | +3.3 KB |
| 100 KB | 133 KB | +33 KB |
| 1 MB | 1.33 MB | +0.33 MB |
For a 2 KB favicon, that overhead is negligible. For a 5 MB photo, you're adding 1.65 MB of bloat — at that point, you're better off transferring the file as binary directly.
When You Should (and Shouldn't) Use It
| Situation | Use Base64? | Reason |
|---|---|---|
| Small inline images in HTML | Yes | Saves an HTTP request; size penalty is tiny |
| Sending binary in a JSON API | Yes | JSON is text-only, no alternative |
| Email attachments | Yes | MIME standard requires it |
| Large file uploads | No | Use multipart/form-data instead |
| Hiding sensitive data | No | Not encryption — use real crypto |
| URLs with special characters | Consider Base64url | URL-safe variant avoids issues with + and / |
Related Developer Tools
Working with encoded data? These might come in handy alongside the Base64 tool:
- URL Encoder / Decoder — percent-encoding for URLs
- Hash Generator — SHA-256, MD5, and other one-way hashes
- HTML Entity Encoder — escape special characters for HTML
- JSON Formatter — pretty-print and validate JSON payloads
Try it yourself — free, instant, no signup
Open Base64 Encoder / Decoder