Base64URL
Base64URL is a modification of the main Base64 standard, the purpose of which is the ability to use the encoding result as filename or URL address. The Base64URL is described in RFC 4648 § 5, where it is mentioned that the standard Base64 alphabet contains invalid characters for URLs and filenames.
The first problem is that the main standard uses “+” as the 62rd character and “=” as padding character. Both characters have a special meaning in the URI address: “+” is interpreted as space, while “=” is used to send data via query string as “key=value” pair. As you understand, using these symbols may lead to various errors.
The second problem — the main standard uses “/” as the 63rd character, which both for URL addresses and for file system locations, represents the directory separator. Therefore in this case errors are guaranteed.
To avoid the errors above, it was proposed to use a “safe alphabet” for URL addresses and filenames. Thus, the Base64URL was born. It uses the same algorithm as the main standard, but differs in the following:
- Replaces “+” by “-” (minus)
- Replaces “/” by “_” (underline)
- Does not require a padding character
- Forbids line separators
For example, the main standard will encode <<???>> to PDw/Pz8+Pg== while Base64URL will convert it to PDw_Pz8-Pg. As you can see, only special characters have been changed, while the letters and digits have remained intact.
If you want to see it in action, check the following tools:
This page would be incomplete without Base64URL characters table. So, meet it:
| Index | Character |
|---|---|
| 0 | A |
| 1 | B |
| 2 | C |
| 3 | D |
| 4 | E |
| 5 | F |
| 6 | G |
| 7 | H |
| 8 | I |
| 9 | J |
| 10 | K |
| 11 | L |
| 12 | M |
| 13 | N |
| 14 | O |
| 15 | P |
| 16 | Q |
| 17 | R |
| 18 | S |
| 19 | T |
| 20 | U |
| 21 | V |
| 22 | W |
| 23 | X |
| 24 | Y |
| 25 | Z |
| Index | Character |
|---|---|
| 26 | a |
| 27 | b |
| 28 | c |
| 29 | d |
| 30 | e |
| 31 | f |
| 32 | g |
| 33 | h |
| 34 | i |
| 35 | j |
| 36 | k |
| 37 | l |
| 38 | m |
| 39 | n |
| 40 | o |
| 41 | p |
| 42 | q |
| 43 | r |
| 44 | s |
| 45 | t |
| 46 | u |
| 47 | v |
| 48 | w |
| 49 | x |
| 50 | y |
| 51 | z |
| Index | Character |
|---|---|
| 52 | 0 |
| 53 | 1 |
| 54 | 2 |
| 55 | 3 |
| 56 | 4 |
| 57 | 5 |
| 58 | 6 |
| 59 | 7 |
| 60 | 8 |
| 61 | 9 |
| Index | Character |
|---|---|
| 62 | - |
| 63 | _ |
Given all of the above, a Base64URL value can be defined using the following regular expression:
^[A-Za-z0-9_-]+$
I would also like to provide some additional links:
What is "aaaaigz0...my4xmda="?
Validate Base64 using Notepad++
Base64 encryption is a lie
Comments (5)
I hope you enjoy this discussion. In any case, I ask you to join it.
I will be pleased if you help me to decode such following code:
abG9nb191cmw=, maHR0cDovLzUxLjE1LjIwOS45MDo4ODAwL2RhdGEvaW1nL2ZpbGVzLzU2NjU5X2FzcG9yLmpwZw==Please let me know how to decode the above-mentioned characters.
Thanks
So that might be AES256
PHP:
php
function base64url($str) {
return str_replace(['+','/','='], ['-','_',''], base64_encode($str));
}
// decode base64url encoded data
function unbase64url($str) {
return base64_decode(str_replace(['-','_'], ['+','/'], $str));
}
JS:
js
function base64url(str) {
return btoa(str).replace(/=+$/,'').replace(/\+/g,'-').replace(/\//g,'_');
}
function unbase64url(str) {
return atob(str.replace(/-/g,'+').replace(/_/g,'/'));
}
it's was wrong:
// decode base64url encoded data
function unbase64url($str) {
return base64_decode(str_replace(['-','_'], ['+','/'], $str));
}
so is correct:
function unbase64url($str) {
return base64_decode(str_replace(['-','_'], ['+','/'], base64_decode($str));
}