Why does an encrypted message sometimes end in "=="?

The = signs relate to the length of the string being encoded in Base64. Essentially, in probably the most common form of Base64, = is used as a padding character to ensure that the last block can be decoded properly.

Base64 is not encryption - there is no hiding going on in it - but is often used to allow for binary data to be sent in text-only form. All the characters used in Base64 will paste correctly, and can be entered using a keyboard with no modifier keys beyond shift.


As mentioned above, Base64 is not an encryption but an encoding. As you can see in the RFC that specified the standard, Base64 works the following way.

  • You have a stream of characters s, of length n.
  • You read 3 8-bit values from the stream (now you have a total of 24 bits = 3 bytes)
  • You break these 24 bits into 4 groups of 6 bits each
  • Using the table of the Base64 alphabet, you encode each of the 6-bit groups to the Base64 equivalent

Now, there is a chance that you reach the end of the stream and you don't have a 24-bit group (s mod 6 != 0). If this happens, then you add zeros to the end of your input, until you have an integral number of 6-bit groups.

Given that your input stream is ASCII encoded, so it's composed of 8-bit characters, there are only two cases where you end up in the above scenario.

1) You have 8 bits in the last group

2) You have 16 bits in the last group

In the first case, 4 zeros are added (giving you 12 bits) and the output would be two characters (2 * 6 bits = 12 bits) encoded based on the alphabet, and two "=" padding characters.

In the second case, 2 zeros would be added (giving you a total of 18 bits) and the output would be three characters (3 * 6 bits = 18 bits) and one "=" padding character.

That's how sometimes you end up with one, two, or no "=" at the end of the encoded text. For more info you should really read the RFC which defined that standard and the Wikipedia entry related to it.
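The padding cases described in the answers above, as an added Python example that is not part of the original posts: a hand-written encoder that appends the zero bits and "=" characters for a short final group, checked against the standard library. The function names and the sample inputs are constructed for illustration.

```python
import base64

# Standard Base64 alphabet (RFC 4648, section 4).
ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)


def b64_encode(data: bytes) -> str:
    """Encode bytes by hand: 3 bytes -> 4 six-bit groups, '=' fills the rest."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]              # 1, 2 or 3 bytes
        nbits = len(chunk) * 8             # 8, 16 or 24 bits
        pad_bits = (-nbits) % 6            # zero bits appended: 4, 2 or 0
        value = int.from_bytes(chunk, "big") << pad_bits
        ngroups = (nbits + pad_bits) // 6  # 2, 3 or 4 output characters
        for g in range(ngroups - 1, -1, -1):
            out.append(ALPHABET[(value >> (6 * g)) & 0x3F])
        out.append("=" * (4 - ngroups))    # "==", "=" or ""
    return "".join(out)


def padding_count(encoded: str) -> int:
    """Number of trailing '=' characters."""
    return len(encoded) - len(encoded.rstrip("="))


def demo():
    """Encode constructed sample inputs; return (input, encoded, padding)."""
    samples = [b"M", b"Ma", b"Man", b"secret", b"secret!"]
    rows = []
    for s in samples:
        enc = b64_encode(s)
        # Cross-check against the standard library encoder.
        assert enc == base64.b64encode(s).decode("ascii")
        # Anyone can reverse it without a key: encoding, not encryption.
        assert base64.b64decode(enc) == s
        rows.append((s, enc, padding_count(enc)))
    return rows


if __name__ == "__main__":
    for s, enc, pad in demo():
        print(f"{s!r:12} len%3={len(s) % 3} -> {enc:12} padding={pad}")
```

The padding count depends only on the input length modulo 3, so a trailing "==" or "=" says nothing about whether the underlying bytes are encrypted.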