Base64

What is Base64?

Base64 is a binary-to-text encoding scheme that represents arbitrary binary data using a set of 64 printable ASCII characters. The name comes directly from the size of the character set. It is defined in RFC 4648 (The Base16, Base32, and Base64 Data Encodings) and is one of the most widely deployed encoding schemes in computing, appearing in email attachments, data URIs, HTTP Basic Authentication, JSON Web Tokens, and cryptographic certificate formats.

The need for Base64 arises because many communication protocols and storage systems were designed for text and cannot reliably transmit arbitrary binary bytes. Email protocols (SMTP), HTTP headers, and early internet protocols treated certain byte values as control characters with special meaning. Base64 sidesteps this problem entirely by encoding every byte as one or two printable characters.

The Base64 Alphabet

The standard Base64 alphabet (RFC 4648 Table 1) consists of:

• Uppercase letters A–Z (26 characters)
• Lowercase letters a–z (26 characters)
• Digits 0–9 (10 characters)
• Plus sign + and forward slash / (2 characters)

Together these 64 characters can each represent exactly 6 bits of data (2⁶ = 64). Base64 encodes input in 3-byte (24-bit) groups, converting each group into four 6-bit values and looking up each value in the alphabet. Three input bytes always produce exactly four output characters — a 33% size increase.

Padding: If the input length is not a multiple of 3, the output is padded with one or two = characters to make the output length a multiple of 4.

import base64

# Encoding
data = b"Hello, Unicode!"
encoded = base64.b64encode(data)
# b'SGVsbG8sIFVuaWNvZGUh'

# Decoding
decoded = base64.b64decode(encoded)
# b'Hello, Unicode!'

URL-Safe Variant (Base64url)

The standard + and / characters are significant in URLs, making standard Base64 unsafe for use in query strings, filenames, or JWT tokens. RFC 4648 defines Base64url, which replaces + with - and / with _. Padding = characters are often omitted in Base64url contexts.

# URL-safe encoding (used in JWTs, data URIs for some contexts)
encoded_url = base64.urlsafe_b64encode(data)

Common Use Cases

Data URIs: Browsers support inline resources encoded as data: URIs. A small PNG icon can be embedded directly in HTML or CSS without a network request:

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==

MIME email (RFC 2045): Email bodies and attachments are Base64-encoded to survive transmission through SMTP servers that may modify bytes with values above 127 or interpret CR/LF sequences.

HTTP Basic Authentication: Credentials are Base64-encoded (though not encrypted) in the Authorization header: Authorization: Basic dXNlcjpwYXNzd29yZA==

JSON Web Tokens (JWT): Each section of a JWT (header, payload, signature) is Base64url-encoded and joined with dots.

Quick Facts