Home/Other/Base64 Encoder / Decoder
Other

Base64 Encoder / Decoder

Input
About this tool

Encode and decode Base64 — UTF-8 safe, in your browser

This Base64 Encoder / Decoder converts text to Base64 and back, entirely in your browser. It's UTF-8 safe — emoji, Greek, Chinese and any other Unicode text encode and decode correctly, which naive tools using plain btoa() get wrong.

Because everything runs locally, it's safe for the things Base64 often carries: API keys, basic-auth credentials, JWT segments, config secrets. Nothing you paste here leaves your device.

What Base64 actually is

Base64 is not encryption — it's a transport encoding. It represents any bytes using 64 safe characters (A–Z, a–z, 0–9, +, /) so binary data can travel through systems designed for plain text: email attachments, JSON payloads, data URLs, HTTP headers. Anyone can decode it instantly — never treat it as protection.

Example

Encoding Hello, world! produces SGVsbG8sIHdvcmxkIQ==.

The == at the end is padding: Base64 works in 3-byte groups, and padding marks how many bytes the final group was short. Decoding reverses it exactly — byte for byte.

FAQ

Frequently Asked Questions

What is Base64 encoding used for?

Carrying binary or arbitrary data through text-only channels: images embedded in CSS/HTML as data URLs, email attachments (MIME), API credentials in HTTP Basic Auth headers, the payload segments of JWT tokens, and binary values inside JSON or XML, which can only hold text.

Is Base64 encryption? Is it secure?

No — Base64 is an encoding, not encryption. There is no key; anyone can decode it instantly. It only makes data transportable, not secret. If you see a 'password' stored in Base64, treat it as stored in plain text. For secrecy you need actual encryption (AES, etc.).

Why does Base64 end with = or ==?

Padding. Base64 converts each 3 bytes of input into 4 output characters. If the input length isn't a multiple of 3, the last group is padded: one = means the final group had 2 bytes, == means it had 1. Some variants (like JWT's base64url) drop the padding entirely.

Why is my decoded Base64 garbled or an error?

Common causes: the string is base64url (uses - and _ instead of + and /) — replace those characters first; it's truncated or has whitespace/line breaks inside (this tool strips whitespace automatically); or the decoded bytes aren't text at all but binary data like an image, which won't display as readable characters.

How much bigger does Base64 make data?

Exactly 4/3 of the original — about 33% larger (plus padding). That's the price of using only 64 safe characters: each character carries 6 bits instead of a byte's 8. This is why embedding large images as Base64 data URLs hurts page performance.

What is the difference between Base64 and base64url?

Standard Base64 uses + and /, which clash with URLs and file names. Base64url (RFC 4648 §5) swaps them for - and _ and usually omits = padding. JWTs, URL parameters, and many APIs use base64url. To decode base64url here, replace - with + and _ with / first.

How do I decode a JWT token?

A JWT is three base64url segments separated by dots: header.payload.signature. Decode the first two to read them (convert base64url to Base64 first: - → +, _ → /). The signature segment is binary and won't be readable. Remember: decoding a JWT is trivial — its security comes from the signature, not secrecy.

Can Base64 encode emoji and non-English text?

Yes — text is first converted to UTF-8 bytes, then those bytes are Base64-encoded. This tool does that correctly. Naive JavaScript btoa() throws an error on any character outside Latin-1, which is why many online tools fail on emoji or Greek text.

How do I Base64-encode a file or image?

This tool handles text. For files, browsers use the FileReader.readAsDataURL API, or on the command line: base64 file.png (Linux/macOS) or [Convert]::ToBase64String([IO.File]::ReadAllBytes('file.png')) in PowerShell. The output can be used in a data: URL like data:image/png;base64,…

Is it safe to paste API keys or secrets into this tool?

Yes — encoding and decoding run entirely in your browser's JavaScript; nothing is transmitted or stored. That's specifically why we built it: pasting credentials into server-side converter sites means trusting a stranger's logs with your secrets.

How does Base64 encoding actually work?

The input bytes are read 24 bits (3 bytes) at a time, split into four 6-bit groups, and each 6-bit value (0–63) is mapped to a character in the alphabet A–Z, a–z, 0–9, +, /. Decoding reverses the mapping. It's pure arithmetic — no keys, no randomness, always the same output for the same input.

Why do emails and MIME use Base64?

Email protocols were designed for 7-bit ASCII text; raw binary bytes could be corrupted or interpreted as control characters in transit. MIME wraps attachments in Base64 so any file survives as safe text. The same logic applies anywhere a text-only pipeline needs to carry binary: JSON APIs, XML, config files.