Base64 Converter

What is Base64 and when to use it?

Base64 é um esquema de codificação que converte dados binários em texto ASCII usando 64 caracteres seguros para transporte. O nome vem justamente do alfabeto de 64 símbolos que utiliza: letras maiúsculas e minúsculas, dígitos, + e /.

É amplamente usado para incorporar imagens em CSS ou HTML (data:image/png;base64,...), transmitir dados em JSON, armazenar tokens JWT e enviar anexos em emails via protocolo MIME.

Worth stressing that Base64 is not encryption. Anyone can decode the content, so treat it as transport encoding rather than a way to protect sensitive information.

What Base64 really does

Base64 is a binary-to-text encoding that maps every 3 bytes of input (24 bits) onto 4 printable ASCII characters drawn from a 64-symbol alphabet — A-Z, a-z, 0-9, + and /. The current specification is RFC 4648, published in October 2006, which superseded RFC 3548 and consolidated Base16, Base32 and Base64 in one document. When the input length is not a multiple of 3, the output is padded with one or two = characters so that the length is always a multiple of 4.

The price of going through ASCII is a fixed 33% size overhead: 3 bytes become 4 characters, so a 300 KB image embedded as a data URI costs around 400 KB on the wire (before gzip). That overhead is the trade-off you pay to push binary data through channels that were designed for 7-bit text — SMTP bodies, JSON values, XML attributes, HTTP headers and URLs.

Standard vs. URL-safe and common use cases

RFC 4648 §5 defines a base64url variant that swaps + for - and / for _, so the result can be dropped into a URL or filename without percent-encoding. JWT tokens use base64url without padding for each of the three segments separated by dots. Classic places you see standard Base64: data:image/png;base64,... inline images, MIME email attachments (RFC 2045), HTTP Basic Auth credentials, and PEM-encoded TLS certificates wrapped at 64 characters per line.

A common misconception: Base64 is not encryption. Anyone can decode it instantly — it provides zero confidentiality. If you need secrecy, encrypt first and then Base64-encode the ciphertext for transport.

FAQ

Why is the output always longer than the input? Each Base64 character carries only 6 bits of information instead of the 8 bits an ASCII byte could hold, so you need 4 output bytes to represent every 3 input bytes — a deterministic 4/3 ratio, or 33% overhead.

What are the = at the end for? They are padding so the total length is a multiple of 4 characters. One = means the input had 1 leftover byte; == means 2 leftover bytes. Some implementations (JWT, certain APIs) omit padding entirely.

Is Base64 safe to put in a URL? Standard Base64 is not — +, / and = all have reserved meaning in URLs. Use the base64url variant for that.

Should I embed images as Base64 in CSS? For small icons under a few KB, yes — it saves an HTTP request. For larger images the 33% overhead and the fact that data URIs are not cached separately make a real <img> with a URL more efficient.