Decoded
Encoded
About Base64
Base64 is an encoding method that uses 7-bit printable ASCII characters. Mainly used in email to transfer 8-bit data over a 7-bit data path.
In Base64, data is divided into 6 bits and converted into alphanumeric characters (A-Z, a-z, 0-9) and symbols (+, /). Converts every 4 characters, and if the last is less than 4 characters, pad with the equal symbol (=).
In addition, RFC 1421 (PEM: Privacy-Enhanced Mail) stipulates line breaks every 64 characters, and RFC 2045 (MIME) stipulates line breaks every 76 characters.
The conversion table for Base64 characters is as follows.
| 6-bit data | Base64 character |
|---|---|
| 000000 | A |
| 000001 | B |
| 000010 | C |
| 000011 | D |
| 000100 | E |
| 000101 | F |
| 000110 | G |
| 000111 | H |
| 001000 | I |
| 001001 | J |
| 001010 | K |
| 001011 | L |
| 001100 | M |
| 001101 | N |
| 001110 | O |
| 001111 | P |
| 010000 | Q |
| 010001 | R |
| 010010 | S |
| 010011 | T |
| 010100 | U |
| 010101 | V |
| 010110 | W |
| 010111 | X |
| 011000 | Y |
| 011001 | Z |
| 011010 | a |
| 011011 | b |
| 011100 | c |
| 011101 | d |
| 011110 | e |
| 011111 | f |
| 100000 | g |
| 100001 | h |
| 100010 | i |
| 100011 | j |
| 100100 | k |
| 100101 | l |
| 100110 | m |
| 100111 | n |
| 101000 | o |
| 101001 | p |
| 101010 | q |
| 101011 | r |
| 101100 | s |
| 101101 | t |
| 101110 | u |
| 101111 | v |
| 110000 | w |
| 110001 | x |
| 110010 | y |
| 110011 | z |
| 110100 | 0 |
| 110101 | 1 |
| 110110 | 2 |
| 110111 | 3 |
| 111000 | 4 |
| 111001 | 5 |
| 111010 | 6 |
| 111011 | 7 |
| 111100 | 8 |
| 111101 | 9 |
| 111110 | + |
| 111111 | / |
For example, if you convert "Hello" with Base64, it will be as follows.
1. Convert it to a binary representation.
01001000 01100101 01101100 01101100 01101111 (For US-ASCII / UTF-8)
2. Split into 6-bit groups. If the last group is less than 6 bits, pad it with "0" at the end.
010010 000110 010101 101100 011011 000110 111100
3. Convert to characters using a conversion table. Convert every 4 characters, and if it is less than 4 characters, pad the end with "=".
SGVs bG8=
4. Connect all the characters to get the Base64 conversion result.
SGVsbG8=
Email MIME message header type (RFC 2047)
DenCode also supports decoding of MIME message header format (RFC 2047), such as below. This format is used when the subject, recipient, etc. of the email contains non-ASCII characters.
Subject: =?UTF-8?B?44K144Oz44OX44Or?=
The result after decoding is as follows.
Subject: サンプル
JSON Web Token (RFC 7519)
JSON Web Token (JWT) is a token format that compactly represents JSON data using Base64url encoding. It is widely used for authentication and authorization in web applications, and is standardized in RFC 7519.
A JWT consists of three elements separated by dots (.).
<Header>.<Payload>.<Signature>
The role of each element is as follows.
| Element | Description |
|---|---|
| Header | A JSON object containing metadata such as the token type (typ) and signing algorithm (alg) |
| Payload | A JSON object containing information such as user ID and expiration time |
| Signature | Signature data used to detect tampering of the header and payload |
The header and payload are each Base64url encoded. Base64url replaces "+" with "-" and "/" with "_", and omits the padding "=" compared to standard Base64 (RFC 4648). This allows them to be safely included in URLs and HTTP headers.
For example, decoding the following JWT yields the header and payload as JSON.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
{
"alg": "HS256",
"typ": "JWT"
}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
The main fields (claims) contained in the header and payload are as follows.
| Field | Name | Description |
|---|---|---|
| alg | Algorithm | Algorithm used for signing or encryption (e.g. HS256, RS256, ES256) |
| typ | Type | Token type (usually "JWT") |
| cty | Content Type | Content type of the payload ("JWT" for nested JWTs) |
| kid | Key ID | Identifier of the key used for signature verification |
| jku | JWK Set URL | URL referencing the JWK Set used for signature verification |
| x5u | X.509 URL | URL referencing the X.509 certificate chain used for signature verification |
| x5t | X.509 Certificate SHA-1 Thumbprint | SHA-1 thumbprint of the X.509 certificate used for signature verification |
| Field | Name | Description |
|---|---|---|
| iss | Issuer | Issuer of the token |
| sub | Subject | Subject of the token (e.g. user ID) |
| aud | Audience | Recipient of the token |
| exp | Expiration Time | Expiration time of the token (Unix timestamp) |
| nbf | Not Before | Time before which the token is not valid (Unix timestamp) |
| iat | Issued At | Time at which the token was issued (Unix timestamp) |
| jti | JWT ID | Unique identifier of the token |