urlsafe_b64encode always ends in '=' ?:

Question

I think this must be a stupid question, but why do the results of urlsafe_b64encode() always end with a '=' for me? '=' isn't url safe?

from random import getrandbits
from base64 import urlsafe_b64encode
from hashlib import sha256
from time import sleep

def genKey():
   keyLenBits = 64
   a = str(getrandbits(keyLenBits))
   b = urlsafe_b64encode(sha256(a).digest())
   print b

while 1:
   genKey()
   sleep(1)

output :

DxFOVxWvvzGdOSh2ARkK-2XPXNavnpiCkD6RuKLffvA=
xvA99ZLBrLvtf9-k0-YUFcLsiKl8Q8KmkD7ahIqPZ5Y=
jYbNK7j62KCBA5gnoiSpM2AGOPxmyQTIJIl_wWdOwoY=
CPIKkXPfIX4bd8lQtUj1dYG3ZOBxmZTMkVpmR7Uvu4s=
HlTs0tBW805gaxfMrq3OPOa6Crg7MsLSLnqe-eX0JEA=
FKRu0ePZEppHsvACWYssL1b2uZhjy9UU5LI8sWIqHe8=
aY_kVaT8kjB4RRfp3S6xG2vJaL0vAwQPifsBcN1LYvo=
6Us3XsewqnEcovMb5EEPtf4Fp4ucWfjPVso-UkRuaRc=
_vAI943yOWs3t2F6suUGy47LJjQsgi_XLiMKhYZnm9M=
CcUSXVqPNT_eb8VXasFXhvNosPOWQQWjGlipQp_68aY=

Answer 1

The '=' is for padding. If you want to pass the output as the value of a URL parameter, you'll want to escape it first, so that the padding doesn't get lost when later reading in the value.

import urllib
param_value = urllib.quote_plus(b64_data)

Python is just following RFC3548 by allowing the '=' for padding, even though it seems like a more suitable character should replace it.

Answer 2

I would expect that an URI parser would ignore a "=" in the value part of a parameter.

The URI parameters are: "&" , [name], "=", [value], next, so an equals sign in the value part is harmless. An unescaped ampersand has more potential to break the parser.

Answer 3

Base64 uses '=' for padding. Your string bit length isn't divisible by 24, so it's padded with '='. By the way, '=' should be URL safe as it's often used for parameters in URLs.

See this discussion, too.