• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
OpenTechTips

OpenTechTips

Comprehensive IT Guides for Pros and Enthusiasts

MENUMENU
  • HOME
  • ALL TOPICS
    • Exchange
    • InfoSec
    • Linux
    • Networking
    • Scripting
      • PowerShell
    • SSL
    • Tools
    • Virtualization
    • Web
    • Windows
  • ABOUT
  • SUBSCRIBE
Home » Base64 Encoder and Decoder Algorithm in PowerShell – with Examples

Base64 Encoder and Decoder Algorithm in PowerShell – with Examples

May 31, 2020 - by Zsolt Agoston - last edited on March 3, 2021

PowerShell, as most of the scripting languages has a built-in function for Base64 encoding and decoding. If you are only interested in this quick way, here's the syntax. If you want to dive deeper in the algorithm, keep reading!

# Encode 'a'
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('a'))

# Decode 'YQA='
[System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('YQA='))

Encoding

The idea of encoding and decoding to- and from Base64 using PowerShell is based on the very same algorithm as we used in our Python example.

In this short article we go through the process of encoding and then decoding the single letter 'a'.

Spoiler alert: the resulting Base64 string will be 'YUFB=='. Look at that, six times longer than the original one letter text we started with!

To be fair, it is an extreme example. The average Base64 encoded string is only 33% longer than the original input, as the algorithm takes 3byte long blocks of characters and converts them into a 4byte large encoded output. For more explanation and examples, click here.

Let's see how we get from 'a' to 'YUFB=='

Encoder Script
function Base64Encode($s) {
$i = 0
$base64 = $ending = ''
$base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
  
# Add padding if string is not dividable by 3
$pad = 3 - ($s.length % 3)
if ($pad -ne 3) {
		$s += "A" * $pad
		$ending = "=" * $pad
	}

# Iterate though the whole input string
while ($i -lt $s.length) {
	# Take 3 characters at a time, convert them to 4 base64 chars 
	$b = 0
	for ($j=0; $j -lt 3; $j++) {
	
		# get ASCII code of the next character in line
		$ascii = [int][char]$s[$i]
		$i++
		
		# Concatenate the three characters together 
		$b += $ascii -shl 8 * (2-$j)
		}
	
	# Convert the 3 chars to four Base64 chars
	$base64 += $base64chars[ ($b -shr 18) -band 63 ]
	$base64 += $base64chars[ ($b -shr 12) -band 63 ]
	$base64 += $base64chars[ ($b -shr 6) -band 63 ]
	$base64 += $base64chars[ $b -band 63 ]
	}

# Add the actual padding to the end after removing the same number of characters
if ($pad -ne 3) {
        $base64 = $base64.SubString(0, $base64.length - $pad)
        $base64 += $ending
        }

# Return the Base64 encoded result
return $base64
}
Base64 Encoder and Decoder Algorithm in PowerShell – with Examples

The program first takes the first 3 bytes of the string (as the minimum length of code that can be encrypted is 24bit). Here we have only one ASCII character, which is 8bit large. So two padding character needs to be added to the original string, and we use 'A' as the padding character. Note that it can be anything you like as it is discarded at the end of the encoding process.

Next, the 24bit long block is built out of the 'aAA' string, and stored in variable $b.

When the block is ready, the script divides it into four 6bit pieces, by shifting the bits in the block first 18times to place the desired 6bit in the rightmost position in the variable, then masks it with the decimal 63, that translates to the binary ..0000111111. This way all the bits after the first 6bits will be discarded.

The procedure is repeated with the second piece, shifting the block only 12 times that time, then getting the third piece by shifting 6 times. The last piece doesn't need shifting as the last 6bits in the block is already in the right position.

The last step is mapping the corresponding character in the base64char array to the 6bit number we get. It is YUFB, and the script appends two '==' characters to the end so the decoder will know how many characters to discard from the end after decoding. Remember, the string 'aAA' was encoded, the last two 'AA' piece needs to be omitted to get the original input back.

Base64 Encoder and Decoder Algorithm in PowerShell – with Examples

Decoding

The decoding steps are the exact reverse of the encoding procedure.

Decoder Script

function Base64Decode($s) {
$i = 0
$base64 = $decoded = ''
$base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

# Replace padding with "A" characters for the decoder to work and save the length of the padding to be dropped from the end later
if ($s.substring($s.length - 2,2) -like "==") {
	$s = $s.substring(0, $s.length - 2) + "AA"
	$padd = 2
	}
elseif ($s.substring($s.length - 1,1) -like "=") {
	$s = $s.substring(0, $s.length - 1) + "A"
	$padd = 1
}

# Take 4 characters at a time
while ($i -lt $s.length) {
	$d = 0
	
	for ($j=0; $j -lt 4; $j++) {
		$d += $base64chars.indexof($s[$i]) -shl (18 - $j * 6)
		$i++
		}

	# Convert the 4 chars back to ASCII
	$decoded += [char](($d -shr 16) -band 255)
	$decoded += [char](($d -shr 8) -band 255)
	$decoded += [char]($d -band 255)
}

# Remove padding
$decoded = $decoded.substring(0, $decoded.length - $padd)

# Return the Base64 encoded result
return $decoded
}
Base64 Encoder and Decoder Algorithm in PowerShell – with Examples

The algorithm first removes the trailing '==' which are markers only, not part of the encoded text. They show how many characters to remove from the end after the decoding process. The number of the padding bytes are stored for later use.

The numeric values of the 6bit building pieces are retrieved using the base64chars array. Then the resulting numbers are concatenated into a 24bit block. That block is divided into three pieces, getting back the actual ASCII codes of the original string that was encoded before.

The division happens by shifting bits right and masking them, this time using the decimal 255, as that will cover the desired 8bits (..0011111111).

After the original characters are decoded, the program discards that many characters from the end as the number of '=' character was put after the encoded string. Here it needs to remove two padding characters as there were two trailing '=' after the base64 code.

Base64 Encoder and Decoder Algorithm in PowerShell – with Examples

Reader Interactions

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Tools

Secondary Sidebar

CONTENTS

  • Encoding
  • Decoding

  • Terms of Use
  • Disclaimer
  • Privacy Policy
Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}