The Base16, Base32, and Base64 Data EncodingsSJDsimon@josefsson.org
This document describes the commonly used base 64, base 32, and base
16 encoding schemes. It also discusses the use of line-feeds in
encoded data, use of padding in encoded data, use of non-alphabet
characters in encoded data, use of different encoding alphabets, and
canonical encodings.
Base encoding of data is used in many situations to store or transfer
data in environments that, perhaps for legacy reasons, are restricted
to US-ASCII data. Base encoding can also be used in new
applications that do not have legacy restrictions, simply because it
makes it possible to manipulate objects with text editors.
In the past, different applications have had different requirements
and thus sometimes implemented base encodings in slightly different
ways. Today, protocol specifications sometimes use base encodings in
general, and "base64" in particular, without a precise description or
reference. Multipurpose Internet Mail Extensions (MIME) is often
used as a reference for base64 without considering the consequences
for line-wrapping or non-alphabet characters. The purpose of this
specification is to establish common alphabet and encoding
considerations. This will hopefully reduce ambiguity in other
documents, leading to better interoperability.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .
Here we discuss the discrepancies between base encoding
implementations in the past and, where appropriate, mandate a
specific recommended behavior for the future.
MIME is often used as a reference for base 64 encoding. However,
MIME does not define "base 64" per se, but rather a "base 64 Content-
Transfer-Encoding" for use within MIME. As such, MIME enforces a
limit on line length of base 64-encoded data to 76 characters. MIME
inherits the encoding from Privacy Enhanced Mail (PEM) , stating
that it is "virtually identical"; however, PEM uses a line length of
64 characters. The MIME and PEM limits are both due to limits within
SMTP.
Implementations MUST NOT add line feeds to base-encoded data unless
the specification referring to this document explicitly directs base
encoders to add line feeds after a specific number of characters.
In some circumstances, the use of padding ("=") in base-encoded data
is not required or used. In the general case, when assumptions about
the size of transported data cannot be made, padding is required to
yield correct decoded data.
Implementations MUST include appropriate pad characters at the end of
encoded data unless the specification referring to this document
explicitly states otherwise.
The base64 and base32 alphabets use padding, as described below in
sections and , but the base16 alphabet does not need it; see
section .
Base encodings use a specific, reduced alphabet to encode binary
data. Non-alphabet characters could exist within base-encoded data,
caused by data corruption or by design. Non-alphabet characters may
be exploited as a "covert channel", where non-protocol data can be
sent for nefarious purposes. Non-alphabet characters might also be
sent in order to exploit implementation errors leading to, e.g.,
buffer overflow attacks.
Implementations MUST reject the encoded data if it contains
characters outside the base alphabet when interpreting base-encoded
data, unless the specification referring to this document explicitly
states otherwise. Such specifications may instead state, as MIME
does, that characters outside the base encoding alphabet should
simply be ignored when interpreting data ("be liberal in what you
accept"). Note that this means that any adjacent carriage return/
line feed (CRLF) characters constitute "non-alphabet characters" and
are ignored. Furthermore, such specifications MAY ignore the pad
character, "=", treating it as non-alphabet data, if it is present
before the end of the encoded data. If more than the allowed number
of pad characters is found at the end of the string (e.g., a base 64
string terminated with "==="), the excess pad characters MAY also be
ignored.
Different applications have different requirements on the characters
in the alphabet. Here are a few requirements that determine which
alphabet should be used:
Handled by humans. The characters "0" and "O" are easily
confused, as are "1", "l", and "I". In the base32 alphabet below,
where 0 (zero) and 1 (one) are not present, a decoder may
interpret 0 as O, and 1 as I or L depending on case. (However, by
default it should not; see previous section.)
Encoded into structures that mandate other requirements. For base
16 and base 32, this determines the use of upper- or lowercase
alphabets. For base 64, the non-alphanumeric characters (in
particular, "/") may be problematic in file names and URLs.
Used as identifiers. Certain characters, notably "+" and "/" in
the base 64 alphabet, are treated as word-breaks by legacy text
search/index tools.
There is no universally accepted alphabet that fulfills all the
requirements. For an example of a highly specialized variant, see
IMAP . In this document, we document and name some currently used
alphabets.
The padding step in base 64 and base 32 encoding can, if improperly
implemented, lead to non-significant alterations of the encoded data.
For example, if the input is only one octet for a base 64 encoding,
then all six bits of the first symbol are used, but only the first
two bits of the next symbol are used. These pad bits MUST be set to
zero by conforming encoders, which is described in the descriptions
on padding below. If this property do not hold, there is no
canonical representation of base-encoded data, and multiple base-
encoded strings can be decoded to the same binary data. If this
property (and others discussed in this document) holds, a canonical
encoding is guaranteed.
In some environments, the alteration is critical and therefore
decoders MAY chose to reject an encoding if the pad bits have not
been set to zero. The specification referring to this may mandate a
specific behaviour.
The following description of base 64 is derived from , , ,
and . This encoding may be referred to as "base64".
The Base 64 encoding is designed to represent arbitrary sequences of
octets in a form that allows the use of both upper- and lowercase
letters but that need not be human readable.
A 65-character subset of US-ASCII is used, enabling 6 bits to be
represented per printable character. (The extra 65th character, "=",
is used to signify a special processing function.)
The encoding process represents 24-bit groups of input bits as output
strings of 4 encoded characters. Proceeding from left to right, a
24-bit input group is formed by concatenating 3 8-bit input groups.
These 24 bits are then treated as 4 concatenated 6-bit groups, each
of which is translated into a single character in the base 64
alphabet.
Each 6-bit group is used as an index into an array of 64 printable
characters. The character referenced by the index is placed in the
output string.
ValueEncodingValueEncodingValueEncodingValueEncoding 0A17R34i51z 1B18S35j520 2C19T36k531 3D20U37l542 4E21V38m553 5F22W39n564 6G23X40o575 7H24Y41p586 8I25Z42q597 9J26a43r60810K27b44s61911L28c45t62+12M29d46u63/13N30e47v14O31f48w(pad)=15P32g49x16Q33h50y
Special processing is performed if fewer than 24 bits are available
at the end of the data being encoded. A full encoding quantum is
always completed at the end of a quantity. When fewer than 24 input
bits are available in an input group, bits with value zero are added
(on the right) to form an integral number of 6-bit groups. Padding
at the end of the data is performed using the '=' character. Since
all base 64 input is an integral number of octets, only the following
cases can arise:
The final quantum of encoding input is an integral multiple of 24
bits; here, the final unit of encoded output will be an integral
multiple of 4 characters with no "=" padding.The final quantum of encoding input is exactly 8 bits; here, the
final unit of encoded output will be two characters followed by
two "=" padding characters.The final quantum of encoding input is exactly 16 bits; here, the
final unit of encoded output will be three characters followed by
one "=" padding character.
The Base 64 encoding with an URL and filename safe alphabet has been
used in .
An alternative alphabet has been suggested that would use "~" as the
63rd character. Since the "~" character has special meaning in some
file system environments, the encoding described in this section is
recommended instead. The remaining unreserved URI character is ".",
but some file system environments do not permit multiple "." in a
filename, thus making the "." character unattractive as well.
The pad character "=" is typically percent-encoded when used in an
URI , but if the data length is known implicitly, this can be
avoided by skipping the padding; see section .
This encoding may be referred to as "base64url". This encoding
should not be regarded as the same as the "base64" encoding and
should not be referred to as only "base64". Unless clarified
otherwise, "base64" refers to the base 64 in the previous section.
This encoding is technically identical to the previous one, except
for the 62:nd and 63:rd alphabet character, as indicated in .
ValueEncodingValueEncodingValueEncodingValueEncoding 0A17R34i51z 1B18S35j520 2C19T36k531 3D20U37l542 4E21V38m553 5F22W39n564 6G23X40o575 7H24Y41p586 8I25Z42q597 9J26a43r60810K27b44s61911L28c45t6262 - (minus)12M29d46u6363 _ (underline)13N30e47v14O31f48w(pad)=15P32g49x16Q33h50y
The following description of base 32 is derived from (with
corrections). This encoding may be referred to as "base32".
The Base 32 encoding is designed to represent arbitrary sequences of
octets in a form that needs to be case insensitive but that need not
be human readable.
A 33-character subset of US-ASCII is used, enabling 5 bits to be
represented per printable character. (The extra 33rd character, "=",
is used to signify a special processing function.)
The encoding process represents 40-bit groups of input bits as output
strings of 8 encoded characters. Proceeding from left to right, a
40-bit input group is formed by concatenating 5 8bit input groups.
These 40 bits are then treated as 8 concatenated 5-bit groups, each
of which is translated into a single character in the base 32
alphabet. When a bit stream is encoded via the base 32 encoding, the
bit stream must be presumed to be ordered with the most-significant-
bit first. That is, the first bit in the stream will be the high-
order bit in the first 8bit byte, the eighth bit will be the low-
order bit in the first 8bit byte, and so on.
Each 5-bit group is used as an index into an array of 32 printable
characters. The character referenced by the index is placed in the
output string. These characters, identified in , below, are
selected from US-ASCII digits and uppercase letters.
ValueEncodingValueEncodingValueEncodingValueEncoding 0A 9J18S273 1B10K19T284 2C11L20U295 3D12M21V306 4E13N22W317 5F14O23X 6G15P24Y(pad)= 7H16Q25Z 8I17R262
Special processing is performed if fewer than 40 bits are available
at the end of the data being encoded. A full encoding quantum is
always completed at the end of a body. When fewer than 40 input bits
are available in an input group, bits with value zero are added (on
the right) to form an integral number of 5-bit groups. Padding at
the end of the data is performed using the "=" character. Since all
base 32 input is an integral number of octets, only the following
cases can arise:
The final quantum of encoding input is an integral multiple of 40
bits; here, the final unit of encoded output will be an integral
multiple of 8 characters with no "=" padding.The final quantum of encoding input is exactly 8 bits; here, the
final unit of encoded output will be two characters followed by
six "=" padding characters.The final quantum of encoding input is exactly 16 bits; here, the
final unit of encoded output will be four characters followed by
four "=" padding characters.The final quantum of encoding input is exactly 24 bits; here, the
final unit of encoded output will be five characters followed by
three "=" padding characters.The final quantum of encoding input is exactly 32 bits; here, the
final unit of encoded output will be seven characters followed by
one "=" padding character.
The following description of base 32 is derived from . This
encoding may be referred to as "base32hex". This encoding should not
be regarded as the same as the "base32" encoding and should not be
referred to as only "base32". This encoding is used by, e.g.,
NextSECure3 (NSEC3) .
One property with this alphabet, which the base64 and base32
alphabets lack, is that encoded data maintains its sort order when
the encoded data is compared bit-wise.
This encoding is identical to the previous one, except for the
alphabet. The new alphabet is found in .
ValueEncodingValueEncodingValueEncodingValueEncoding 00 9918I27R 1110A19J28S 2211B20K29T 3312C21L30U 4413D22M31V 5514E23N 6615F24O(pad)= 7716G25P 8817H26Q
The following description is original but analogous to previous
descriptions. Essentially, Base 16 encoding is the standard case-
insensitive hex encoding and may be referred to as "base16" or "hex".
A 16-character subset of US-ASCII is used, enabling 4 bits to be
represented per printable character.
The encoding process represents 8-bit groups (octets) of input bits
as output strings of 2 encoded characters. Proceeding from left to
right, an 8-bit input is taken from the input data. These 8 bits are
then treated as 2 concatenated 4-bit groups, each of which is
translated into a single character in the base 16 alphabet.
Each 4-bit group is used as an index into an array of 16 printable
characters. The character referenced by the index is placed in the
output string.
ValueEncodingValueEncodingValueEncodingValueEncoding 00 44 8812C 11 55 9913D 22 6610A14E 33 7711B15F
Unlike base 32 and base 64, no special padding is necessary since a
full code word is always available.
To translate between binary and a base encoding, the input is stored
in a structure, and the output is extracted. The case for base 64 is
displayed in the following figure, borrowed from .
The case for base 32 is shown in the following figure, borrowed from
. Each successive character in a base-32 value represents 5
successive bits of the underlying octet sequence. Thus, each group
of 8 characters represents a sequence of 5 octets (40 bits).
The following example of Base64 data is from , with corrections.
An ISO C99 implementation of Base64 encoding and decoding that is
believed to follow all recommendations in this RFC is available from:
This code is not normative.
The code could not be included in this RFC for procedural reasons
(RFC 3978 section 5.4).
When base encoding and decoding is implemented, care should be taken
not to introduce vulnerabilities to buffer overflow attacks, or other
attacks on the implementation. A decoder should not break on invalid
input including, e.g., embedded NUL characters (ASCII 0).
If non-alphabet characters are ignored, instead of causing rejection
of the entire encoding (as recommended), a covert channel that can be
used to "leak" information is made possible. The ignored characters
could also be used for other nefarious purposes, such as to avoid a
string equality comparison or to trigger implementation bugs. The
implications of ignoring non-alphabet characters should be understood
in applications that do not follow the recommended practice.
Similarly, when the base 16 and base 32 alphabets are handled case
insensitively, alteration of case can be used to leak information or
make string equality comparisons fail.
When padding is used, there are some non-significant bits that
warrant security concerns, as they may be abused to leak information
or used to bypass string equality comparisons or to trigger
implementation problems.
Base encoding visually hides otherwise easily recognized information,
such as passwords, but does not provide any computational
confidentiality. This has been known to cause security incidents
when, e.g., a user reports details of a network protocol exchange
(perhaps to illustrate some other problem) and accidentally reveals
the password because she is unaware that the base encoding does not
protect the password.
Base encoding adds no entropy to the plaintext, but it does increase
the amount of plaintext available and provide a signature for
cryptanalysis in the form of a characteristic probability
distribution.
Added the "base32 extended hex alphabet", needed to preserve sort
order of encoded data.
Referenced IMAP for the special Base64 encoding used there.
Fixed the example copied from RFC 2440.
Added security consideration about providing a signature for
cryptoanalysis.
Added test vectors.
Fixed typos.
Several people offered comments and/or suggestions, including John E.
Hadstate, Tony Hansen, Gordon Mohr, John Myers, Chris Newman, and
Andrew Sieber. Text used in this document are based on earlier RFCs
describing specific uses of various base encodings. The author
acknowledges the RSA Laboratories for supporting the work that led to
this document.
This revised version is based in parts on comments and/or suggestions
made by Roy Arends, Eric Blake, Brian E Carpenter, Elwyn Davies, Bill
Fenner, Sam Hartman, Ted Hardie, Per Hygum, Jelte Jansen, Clement
Kent, Tero Kivinen, Paul Kwiatkowski, and Ben Laurie.
Copyright (c) 2000-2006 Simon Josefsson
Regarding the abstract and sections , , , , , , and of
this document, that were written by Simon Josefsson ("the author",
for the remainder of this section), the author makes no guarantees
and is not responsible for any damage resulting from its use. The
author grants irrevocable permission to anyone to use, modify, and
distribute it in any way that does not diminish the rights of anyone
else to use, modify, and distribute it, provided that redistributed
derivative works do not contain misleading author or version
information and do not falsely purport to be IETF RFC documents.
Derivative works need not be licensed under similar terms.
ASCII format for network interchangeKey words for use in RFCs to Indicate Requirement LevelsPrivacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication ProceduresMultipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message BodiesOpenPGP Message FormatDNS Security Introduction and RequirementsIdentifying Composite Media FeaturesINTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1Uniform Resource Identifier (URI): Generic SyntaxDNSSEC Hash Authenticated Denial of ExistenceWork in ProgressSASL GSSAPI mechanismsWork in ProgressPost to P2P-hackers mailing list