DevGizmo
Back to Blog
string·

What Is Base64 Encoding and How Does It Work?

Base64 encoding converts binary data into ASCII text so it can be safely transmitted over text-based protocols. Learn how the algorithm works, when to use it, and what its limitations are.

base64encodingbinaryascii

What Is Base64?

Base64 is an encoding scheme that converts binary data into a subset of ASCII characters. The name comes from the fact that the encoding uses 64 printable characters: uppercase A–Z, lowercase a–z, digits 0–9, plus + and /, with = used as padding.

Binary data — images, files, cryptographic keys — cannot always be safely embedded in text-based formats like JSON, XML, or email. These formats may strip control characters, misinterpret newlines, or corrupt multi-byte sequences. Base64 solves this by representing every byte of binary data using only safe, printable characters.

How the Algorithm Works

Base64 processes input in 3-byte (24-bit) chunks. Each 24-bit group is split into four 6-bit values. Each 6-bit value maps to one of the 64 characters in the Base64 alphabet.

Input bytes:  M        a        n
ASCII binary: 01001101 01100001 01101110
Split to 6-bit groups: 010011  010110  000101  101110
Base64 chars:  T        W        F        u   → "TWFu"

If the input length is not a multiple of 3, padding characters (=) are appended to make the output length a multiple of 4.

Base64 vs Base64URL

Standard Base64 uses + and / characters that have special meaning in URLs, so a variant called Base64URL replaces them with - and _. This is used in JWT tokens, for example.

When Should You Use Base64?

  • Embedding binary in JSON or XML — e.g., base64-encoding an image to embed it in a JSON API response
  • Data URIs in HTML/CSS<img src="data:image/png;base64,iVBOR...">
  • Email attachments — MIME encoding uses Base64 for binary attachments
  • Cryptographic keys — PEM-format RSA and TLS certificates are Base64-encoded DER data

When Should You NOT Use It?

Base64 is an encoding, not encryption. It provides zero security. Anyone can instantly decode Base64 back to the original data. Never use it to "hide" sensitive information.

Base64 also increases data size by approximately 33% because three bytes become four characters. For large binary payloads, this overhead matters — use native binary transfer (e.g., multipart/form-data) instead.

Base64 in JavaScript

// Encode
const encoded = btoa("Hello, World!");
// "SGVsbG8sIFdvcmxkIQ=="

// Decode
const decoded = atob("SGVsbG8sIFdvcmxkIQ==");
// "Hello, World!"

For Node.js, use Buffer:

// Encode
Buffer.from("Hello, World!").toString("base64");

// Decode
Buffer.from("SGVsbG8sIFdvcmxkIQ==", "base64").toString("utf8");

Decoding Errors

If you pass an invalid Base64 string to a decoder, you will get either corrupted output or an exception. Common sources of invalid Base64 are:

  • Missing or extra padding = characters
  • Whitespace or newlines embedded in the string (common in PEM certificates)
  • Using standard Base64 when Base64URL was intended (or vice versa)

Strip whitespace and ensure the correct alphabet variant before decoding.

Base64 and Unicode

btoa() in browsers only accepts byte strings (characters with code points ≤ 255). Passing a Unicode string with multi-byte characters (e.g., emoji or CJK characters) will throw an error. Encode to UTF-8 first:

const encoded = btoa(
  encodeURIComponent("こんにちは").replace(/%([0-9A-F]{2})/g, (_, p1) =>
    String.fromCharCode(parseInt(p1, 16))
  )
);

Or use TextEncoder for a cleaner approach in modern environments.

Try it yourself

Put these concepts into practice with the free online tool on DevGizmo.