Appendix C. Notes on Implementing base64url Encoding without Padding
Appendix C. Notes on Implementing base64url Encoding without Padding
This appendix provides guidance on implementing base64url encoding without padding for use with JWS.
Key Points
-
Base64url Encoding: Uses the URL- and filename-safe character set from Section 5 of RFC 4648, specifically using '-' and '_' instead of '+' and '/'.
-
Padding Removal: All trailing '=' padding characters are omitted as permitted by Section 3.2 of RFC 4648.
-
No Line Breaks: The encoding must not include any line breaks, whitespace, or other additional characters.
-
Empty Octet Sequence: The base64url encoding of the empty octet sequence is the empty string.
Implementation Notes
When implementing base64url encoding:
- Start with standard base64 encoding
- Replace '+' with '-'
- Replace '/' with '_'
- Remove all trailing '=' characters
- Ensure no whitespace or line breaks are inserted
When decoding base64url strings:
- Replace '-' with '+'
- Replace '_' with '/'
- Add appropriate padding ('=') based on the input length: padding length = (4 - (input length mod 4)) mod 4
- Perform standard base64 decoding
This encoding is essential for JWS as it allows the compact serialization to be safely used in URLs and HTTP headers without requiring percent-encoding.