- How to base64 encode and decode from command-line
- How to base64 encode on Ubuntu, Debian, OSX, and Red Hat
- Why Base64 Encode Data
- Base64 is not Encryption
- Base64 Encoding a String
- Base64 Encoding a File
- Decoding Strings
- Decoding Files
- Conclusion
- Bash base64 encode and decode
- Syntax:
- base64 [OPTION] [INFILE] [OUTFILE]
- Options:
- Example#1: Encoding text data
- Example#2: Decoding text data
- Example#3: Encoding text file
- Example#4: Decoding text file
- Example#5: Encoding any user-defined text
- Example#6: Checking user validity by decoding text
- Conclusion:
- References:
- About the author
- Fahmida Yesmin
- How to encode and decode data in base64 and base64URL by using unix commands?
How to base64 encode and decode from command-line
In this tutorial, you will learn how to base64 encode and decode from the command-line on Linux. You will also learn what base64 encoding is and why it should never be used to protect data from unauthorized access.
Base64 encoding and decoding data has many use cases. One being is ensuring data integrity when transferring data over the network, while another is storing Secrets in Kubernetes.
After reading this tutorial you will understand how to easily encode files or strings, and then decode them back.
How to base64 encode on Ubuntu, Debian, OSX, and Red Hat
If you are running popular linux distributions, such as Ubuntu, Debian, CentOS, or Red Hat, the base64 command-line tool is typically pre-installed. You should not have to perform any additional steps.
OSX also comes bundled with its own version of base64.
Why Base64 Encode Data
Transferring an ASCII file over the network can cause corruption if not decoded correctly. The reason is ASCII files are string converted to bytes, and when those bytes are decoded incorrectly back to ASCII your data becomes corrupt.
Base64 was introduced as a way to convert your ASCII data into arbitrary bytes, where they could then be transferred as bytes, and decoded correctly back to ASCII.
In short, base64 encoding ensures the integrity of our data when transferred over the network.
Base64 is not Encryption
Encoding files is not encryption and should never be used to secure sensitive data on disk. Rather it is a useful way of transferring or storing large data in the form of a string.
While it may obfuscate that actual data from should surfers, anyone who has access to base64 encoded data can easily decode it.
Base64 Encoding a String
To base64 encode string you can pipe an echo command into the base64 command-line tool. To ensure no extra, hidden characters are added use the -n flag.
Without the -n flag you may capture a hidden characters, like line returns or spaces, which will corrupt your base64 encoding.
Which will output the following
Base64 Encoding a File
This will output a very long, base64 encoded string. You may want to write the stdout to file instead.
bas64 /path/to/file > output.txt
Decoding Strings
To decode with base64 you need to use the —decode flag. With encoded string, you can pipe an echo command into base64 as you did to encode it.
Using the example encoding shown above, let’s decode it back into its original form.
echo -n 'bXktc3RyaW5n' | base64 --decode
Provided your encoding was not corrupted the output should be your original string.
Decoding Files
To decode a file with contents that are base64 encoded, you simply provide the path of the file with the —decode flag.
As with encoding files, the output will be a very long string of the original file. You may want to output stdout directly to a file.
base64 --decode /path/to/file > output.txt
Conclusion
In this tutorial, you learned how to base64 encode files and strings. This something commonly done to transfer files in such a way that it remains
Bash base64 encode and decode
To encode or decode standard input/output or any file content, Linux uses base64 encoding and decoding system. Data are encoded and decoded to make the data transmission and storing process easier. Encoding and decoding are not similar to encryption and decryption. Encoded data can be easily revealed by decoding. So, this command line utility tool can’t be used for data security. Alphabet, number and ‘=’ symbol are used to encode any data.
Syntax:
base64 [OPTION] [INFILE] [OUTFILE]
You can use different types of options with base64 command. Data can be taken from any file or standard input while encoding or decoding. After encode or decode, you can send the output in a file or print the output in the terminal.
Options:
-e or –encode
This option is used to encode any data from standard input or from any file. It is the default option.
-d or –decode
This option is used to decode any encoded data from standard input or from any file.
-n or –noerrcheck
By default, base64 checks error while decoding any data. You can use –n or –noerrcheck option to ignore checking at the time of decoding.
-u or –help
This option is used to get information about the usage of this command.
-i, –ignore-garbage
This option is used to ignore non-alphabet character while decoding.
–copyright
It is used to get copyright information.
–version
It is used to get the version information.
How you use the base64 command in Linux is shown in this tutorial by using some examples.
Example#1: Encoding text data
You can encode any text data by using base64 in the command line. When you want to encode any data using base64 then using -e or –encode option is optional. So, if you don’t mention any option with base64 then it will work for encoding. The following command will encode the data, ‘linuxhint.com’ and print the encoded data as output.
Example#2: Decoding text data
The following command will decode the encoded text, ‘bGludXhoaW50LmNvbQ==‘ and print the original text as output.
Example#3: Encoding text file
Create a text file named, ‘sample.txt’ with the following text that will be encoded by using base64.
You can print the encoded text in the command line or store the encoded text into another file. The following command will encode the content of the sample.txt file and print the encoded text in the terminal.
The following commands will encode the content of the sample.txt file and save the encoded text into the encodedData.txt file.
Example#4: Decoding text file
The following command will decode the content of the encodedData.txt file and print the output in the terminal
The following commands will decode the content of the encodedData.txt file and store the decoded content into the file, originalData.txt.
Example#5: Encoding any user-defined text
Create a bash file named encode_user_data.sh with the following code. The following script will take any text data as input, encode the text by using base64 and print the encoded text as output.
#!/bin/bash
echo «Enter Some text to encode»
read text
etext = ` echo -n $text | base64 `
echo «Encoded text is : $etext «
Validate the text is encoded correctly by piping the encoded text returned from your execution of the script to base64 –decode to confirm the original text is returned. Below you can see how to validate assuming My secret textwas the string encoded.
Example#6: Checking user validity by decoding text
Create a bash file named checkValidity.sh and add the following code. In this example, a secret text is taken from the user. A predefined encoded text is decoded by base64 and compared with the user input. If both values are equal then the output will be ‘You are authenticated’ otherwise the output will be ‘You are not authenticated’. Using this simple decoding code, normal validation can be done very easily. In this example the secret text that will result in success is 777799. This would likely not be hard coded in the script but more dynamic in a real world application.
#!/bin/bash
echo «Type your secret code»
read secret
otext = ` echo ‘Nzc3Nzk5Cg==’ | base64 —decode `
if [ $secret == $otext ] ; then
echo «You are authenticated»
else
echo «You are not authenticated»
fi
Conclusion:
For any sensitive data like password or any confidential data, encoding and decoding system is not suitable at all. You must use encryption and decryption system for securing these type of data.
References:
About the author
Fahmida Yesmin
I am a trainer of web programming courses. I like to write article or tutorial on various IT topics. I have a YouTube channel where many types of tutorials based on Ubuntu, Windows, Word, Excel, WordPress, Magento, Laravel etc. are published: Tutorials4u Help.
How to encode and decode data in base64 and base64URL by using unix commands?
Recent versions of coreutils include basenc(1) which supports several different encodings. From its help screen:
--base64 same as 'base64' program (RFC4648 section 4) --base64url file- and url-safe base64 (RFC4648 section 5) --base32 same as 'base32' program (RFC4648 section 6) --base32hex extended hex alphabet base32 (RFC4648 section 7) --base16 hex encoding (RFC4648 section 8) --base2msbf bit string with most significant bit (msb) first --base2lsbf bit string with least significant bit (lsb) first --z85 ascii85-like encoding (ZeroMQ spec:32/Z85); when encoding, input length must be a multiple of 4; when decoding, input length must be a multiple of 5
Here is a string that illustrates the difference:
$ printf "%s" "$s" | xxd -b -c1 | cut -d' ' -f2 | nl 1 01111000 2 01110011 3 00111111 4 00111110 5 00111110 6 00111110
And as 6 bit blocks (as base64 reads the data):
$ printf "%s" "$s" | xxd -b -c1 | cut -d' ' -f2 | tr -d '\n' | fold -w6 | nl 1 011110 2 000111 3 001100 4 111111 5 001111 6 100011 7 111000 8 111110
Note that block 4 and block 8 map to / and + respectively (Base64 table on Wikipedia):
This is the same suggestion as @jps but shorter. Also remember that echo by default always adds newline at the end, so when you want to encode it, you must add -n .
echo -n "Some_data_to_be_converted" | base64 | tr '/+' '_-' | tr -d '='
Decoding it back with bulit-in bash tools is more complicated as I didn’t find an easy way to pad the string back with ‘=’ so that the length will dividable by 4. Probably can be done with awk but I didn’t dig deep enough. If you have local ruby it becomes trivial:
2.6.2 > require 'base64' 2.6.2 > Base64.urlsafe_encode64('test', padding: false) => "dGVzdA" 2.6.2 > Base64.urlsafe_decode64('dGVzdA') => "test"
I took it as a challenge to come up with a bash or standard unix commands to pad the string back in order to decode: stackoverflow.com/questions/58957358/…
Adding on to the answer by Kaplan Ilya, here is a command using standard linux/unix commands that can decode base64url , including handling missing padding.
Note: some versions of base64 can handle missing padding, such as Mac/BSD base64 -D . However, GNU base64 -d requires correct padding.
Also, I used the test string ~~~. instead of the one in the original question Some_data_to_be_converted , so that it will generate + , / , = characters.
text='~~~. ' # encode base64 echo "$text" | base64 # fn5+Pz8/Cg== # encode base64url base64url=$( echo "$text" | base64 | tr '/+' '_-' | tr -d '=' ) echo "$base64url" # fn5-Pz8_Cg # decode base64url echo "$base64url"==== | fold -w 4 | sed '$ d' | tr -d '\n' | tr '_-' '/+' | base64 -d # ~~~.
Explanation of the decode base64url commands:
- echo «$str»==== appends 4 equal signs
- fold -w 4 split every 4 characters into separate lines
- sed ‘$ d’ deletes the last line (the extraneous padding)
- tr -d ‘\n’ joins all lines. Now the padding is correct.
- tr ‘_-‘ ‘/+’ converts _ to / , — to + .
(Side note: if you’re wondering why not use tr ‘-_’ ‘+/’ since that would be in alphanumeric order, it’s because that will result in invalid option because it thinks -_ is an option. You could do tr — ‘-_’ ‘+/’ , but it’s easier just to swap the order.)
If you already have a base64 encoded string you just need to replace «+» with «-» and «/» with » _» to get a base64url encoded string. To achieve this, you can use the following command:
echo Some_data_to_be_converted | base64 | sed ‘s/+/-/g; s,/,_,g’
Base64 encoding maps the input bytes (8 bit) to a 6 bit representation. 4 base64 characters can encode 4*6=24 bits, which equals 3 bytes. Whenever the number of bytes in your input can’t be divided by 3, padding is required according to the standard.
As the = character is used for key-value pairs in URLs, you can’t use it directly for padding if you intend to use the encoded value in an URL. You can either just ommit the padding, because most implementations will still work and just ignore the 2 or 4 unused bits on the end. Or, if the receiver really needs padding, you have to replace the = by it’s URL safe representation %3d .