Base64 encoding is the reason you can paste an image straight into a CSS file, send a photo as an email attachment, or store a whole file inside a single line of JSON. It takes raw binary data and rewrites it using only plain text characters that survive being sent anywhere. This guide explains Base64 encoding and its two relatives, Base32 and Base58: what each one does, where you will meet it, and how to encode and decode it.
In this guide
What base encoding actually means
Base encoding is often confused with number systems, but the two solve different problems. Number systems, the binary and hexadecimal covered in our guide to number systems, are about how to write a single value. Base encoding is about packaging arbitrary binary data, an image, a document, any bytes at all, as plain text.
The reason this matters is that many systems only handle text safely. Email, URLs, JSON, and HTML were all built around text, and raw binary data sent through them can be corrupted or rejected. Base encoding solves that by mapping the binary data onto a small, safe set of characters, so it can travel anywhere text can.
Base64: the everyday encoding
Base64 uses 64 characters: the uppercase letters A to Z, the lowercase letters a to z, the digits 0 to 9, and the two symbols plus and slash. Every three bytes of original data are rewritten as four of these text characters.
That four-for-three ratio means Base64 text is about 33 percent larger than the data it represents. The extra size is the price of safety, and for most uses it is a fair trade. If you see an = sign at the end of a Base64 string, that is padding, added so the encoded length comes out as a clean multiple of four characters.
What Base64 is used for
Base64 appears wherever binary data has to ride inside something built for text. Email attachments are encoded with Base64 under the MIME standard. A data URL embeds an image directly into HTML or CSS as a Base64 string, so the page carries the image with no separate file. JSON payloads use Base64 to carry a file inside a text field. The middle section of a JWT authentication token is Base64. In each case, the job is the same: move binary data through a text-only channel.
Base32: encoding that survives case changes
Base32 uses a smaller set, just 32 characters: the uppercase letters A to Z and the digits 2 to 7. Using fewer characters makes the encoded text bulkier than Base64, so why choose it?
Because Base32 survives systems that do not preserve letter case or that get confused by mixed case. The everyday example is two-factor authentication. The secret key behind a code-generating authenticator app is Base32, because that key must be typed or scanned reliably across many devices and systems. Base32 trades size for that reliability.
Base58: built to avoid lookalike characters
Base58 uses 58 characters. It starts from a Base64-style set and deliberately removes the characters people most often confuse: the digit zero and capital O, capital I and lowercase L, and the plus and slash symbols.
The result is an encoding a person can read aloud or copy by hand with far less chance of an error. That is why Base58 is best known from cryptocurrency, where a Bitcoin address is a Base58 string. When a value will be handled by humans rather than only machines, Base58 reduces costly mistakes.
How to encode and decode
The Base64 encoder and decoder converts text and data in both directions. For the other formats, the Base32 encoder and the Base58 encoder do the same job.
To move between encodings and other representations, the ASCII to Base64 converter encodes plain text, the Base64 to ASCII converter reverses it, and the Base64 to hex converter shows the underlying bytes in hexadecimal. Each tool runs in your browser, processes the data on your own device, and asks for no account.
Base64 is not encryption
This is the single most important point about Base64. Because Base64 text looks scrambled, people assume it hides or protects data. It does not.
Base64 is fully reversible by anyone, with no key and no secret involved. Encoding an API key, a password, or any sensitive value in Base64 gives it zero protection, since anyone can decode it in a single step. Base64 is a transport format, not a security measure. Data that must be kept private needs real encryption, which depends on a secret key. Treat Base64 as a way to move data safely, never as a way to hide it.
Free encoding tools used in this guide
Frequently asked questions
Is Base64 encryption?
No. Base64 is encoding, not encryption. It is fully reversible by anyone with no key, so it provides no security at all.
Why is Base64 data larger than the original?
Base64 rewrites every three bytes as four text characters, so the encoded result is about 33 percent larger than the data it represents.
What is Base32 used for?
Its most visible use is the secret key behind two-factor authentication apps, because Base32 survives systems that do not preserve letter case.
What is Base58 used for?
It is best known from cryptocurrency addresses. Base58 removes characters that look alike, so values are safer to copy by hand.
What does the equals sign at the end of a Base64 string mean?
It is padding. The equals sign is added so the encoded length comes out as a multiple of four characters.