Utilumo
LightDarkSystem
Explainer1 min readUpdated June 25, 2026

What is Base64 encoding?

Short answer

Base64 is a way to represent binary data using 64 printable ASCII characters. It lets binary content travel through channels designed for text, such as URLs, JSON, and email. It is encoding for safe transport, not encryption for security.

Why Base64 exists

Many systems were built to handle text, not raw bytes. Email, URLs, and JSON can corrupt arbitrary binary data. Base64 solves this by mapping every 3 bytes of input onto 4 characters from a safe alphabet: A-Z, a-z, 0-9, plus + and /, with = used for padding.

"Hello"  ->  "SGVsbG8="
Text encoded as Base64

The size cost

Because 3 bytes become 4 characters, Base64 output is about 33 percent larger than the original. That is the trade-off for safe transport through text-only channels.

Base64 is not encryptionAnyone can decode Base64 instantly. It hides nothing. Never use it to protect passwords, tokens, or secrets.

Where you see it

  • Data URIs that embed images directly in HTML or CSS
  • Email attachments, via MIME
  • The header and payload of a JWT, which use a URL-safe Base64 variant
  • Binary fields passed inside JSON

The URL-safe variant (RFC 4648) replaces + and / with - and _ so the text can sit in a URL without escaping.

Try it: Base64 Encoder/DecoderEncode or decode Base64 text locally, with full UTF-8 support.Open tool

References

Questions

Is Base64 secure?

No. Base64 is reversible by anyone and provides no protection. It is for safe transport of binary data, not for hiding or encrypting it.

Why does Base64 sometimes end with = signs?

The = characters are padding. They fill the final group when the input length is not a multiple of 3 bytes, keeping the output a multiple of 4 characters.

Does this send my data anywhere?

No. Utilumo's developer tools parse and transform input inside the browser tab. Nothing is uploaded, stored, or logged.

Keep reading

Explainer1 min readWhat is JSON?JSON is a lightweight, text-based format for storing and exchanging structured data. Here is how it works, its data types, and the rules that trip people up.Read
Explainer1 min readJWT explained: how JSON Web Tokens workA JWT is a signed, Base64url-encoded token with three parts: header, payload, and signature. Here is what each part holds and why decoding is not verifying.Read