UTILITY GUIDE

Base64 Encode/Decode: Complete Guide to Base64 Encoding

What Base64 is, how it works, where it is used and why it is not encryption. Practical guide with examples for developers.

Base64: the bridge between binary and text

Base64 is an encoding scheme that converts binary data into a string composed exclusively of 64 printable ASCII characters (A-Z, a-z, 0-9, +, /). It was created to solve a fundamental problem: many protocols and formats (SMTP email, JSON, XML, URL) are designed to handle only ASCII text, not arbitrary binary data. Base64 allows you to "package" any binary data (images, files, encrypted data) into a textual format transportable on these channels.

The encoding process is systematic: binary data is read 3 bytes at a time (24 bits), divided into 4 groups of 6 bits each, and each group is mapped to one of the 64 characters of the Base64 alphabet. If the data is not a multiple of 3 bytes, padding is added with the "=" character. This explains why Base64 data is about 33% larger than the original: 3 bytes become 4 characters.

Where Base64 is used

Practical Base64 examples
# Testo in Base64
"Hello, World!" → "SGVsbG8sIFdvcmxkIQ=="

# Data URI per immagini inline in HTML
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA..." />

# JWT (JSON Web Token) - tre segmenti Base64URL
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U

# HTTP Basic Authentication
Authorization: Basic dXNlcjpwYXNzd29yZA==
# (decodificato: "user:password")

Base64 is ubiquitous in web development: JWTs (JSON Web Tokens) use Base64URL to encode header and payload, MIME emails encode binary attachments in Base64, data URIs allow embedding images directly in HTML, HTTP Basic authentication encodes username:password in Base64, and X.509 certificates in PEM format are Base64 between BEGIN/END markers. Our tool encodes and decodes instantly, supporting both standard Base64 and Base64URL.

Base64 is NOT encryption

The most dangerous mistake is confusing Base64 with encryption. Base64 is a reversible encoding: anyone can decode a Base64 string without any key or secret. Using Base64 to "hide" passwords, tokens or sensitive data is like writing a secret message backwards: anyone can read it with minimal effort. If you need to protect sensitive data, use real encryption (AES, RSA) — you can then encode the encrypted result in Base64 for transport.

For data security in transit, verify that your site uses HTTPS with SSL Check — this protects all traffic, including Base64 data. For data integrity, use the Hash Generator to calculate the hash before and after transmission and compare them. And to encode URL parameters that contain special characters, use URL Encode/Decode which is specifically designed for URLs, unlike standard Base64 which contains the problematic + and / characters in URLs.

A note for developers: when working with JWTs, remember that the payload is only Base64URL encoded, not encrypted. Anyone can decode a JWT and read its contents. The signature (the third segment) ensures that the content has not been altered, but does not hide it. If the JWT contains sensitive data, use JWE (JSON Web Encryption) instead of JWS (JSON Web Signature), or encrypt the sensitive data before inserting it into the JWT.

Try Base64 Encode/Decode for free
Encode and decode strings in Base64 format
Use Base64 Encode/Decode >

Explore the Network

capops.io Free tools for DevOps & SysAdmin — monitoring, deploy, CI/CD, server management and more Visit → pixcode.io Free graphic tools — image converter, color palette generator, SVG optimizer and more Visit →