Lesson 1

What Is Base64?

Why Base64 exists and where you encounter it as a developer.

Base64 is a binary-to-text encoding. It maps arbitrary bytes (photos, ciphertext, protobuf blobs, zipped archives) into a restricted alphabet of 64 printable ASCII characters. The result looks like gibberish to humans—but it survives channels that only tolerate text.

Crucially, Base64 is not encryption. Anyone who sees the string can decode it back to the original bytes unless you layered real cryptography separately.

Why we need binary-to-text encodings

Many systems historically assumed “data in transit” meant readable text:

  • Email bodies and older MIME parts
  • JSON and XML attributes that forbid raw null bytes or ambiguous control characters
  • URL query parameters and logging pipelines that choke on arbitrary binary
  • Debugging: printing a fingerprint of bytes without scrambling the terminal

Base64 solves a transport problem: make bytes safe as text. It does not promise secrecy, authenticity, or compression.

Where developers meet Base64

You will routinely see Base64 in:

  • JWT segments (header.payload.signature) — each part is JSON bytes, Base64-encoded (often URL-safe variant)
  • Embedding small assets inside HTML/CSS via data:image/png;base64,...
  • Authorization: Basic ... headers — username:password bytes encoded (still needs HTTPS in production)
  • Cryptography plumbing — PEM blocks wrap DER structures; PKCS payloads are often transported as Base64 inside text envelopes
  • Database or API fields that store opaque blobs as VARCHAR/TEXT for compatibility

ASCII vs Unicode text

Encode meaningful text (“hello”) correctly in UTF-8 first, producing bytes, then Base64 those bytes. Mixed mental models—“is this string already Unicode?” versus “these are raw octets”—are a frequent source of bugs described later in this course.

Base64 alphabet at a glance

The classic alphabet uses A–Z, a–z, 0–9, +, / plus optional = padding at the tail. Exact mapping and padding rules are covered in the next lessons.

Key takeaway

Base64 turns opaque bytes into safe ASCII text. Learn it once and JWTs, PEM files, thumbnails in CSS, and “binary field as string” APIs all become easier to reason about—even when you delegate encoding to a library every day.

When you want to practice, use the related DevCove tool — optional, not part of this lesson.

Open related tool

Back to course overview