Base64 Encoder / Decoder
Encode text to Base64 or URL-safe Base64URL, and decode it back instantly in your browser. Full UTF-8 support handles Unicode and emoji, auto-detect figures out the direction for you, and everything runs locally — your data is never uploaded.
How the Base64 encoder / decoder works
This tool converts between text and Base64 entirely in your browser. Nothing is ever transmitted to a server — the conversion is performed by JavaScript running on your device.
Encoding
When you encode, the tool first turns your text into UTF-8 bytes using the
browser's TextEncoder, then maps every three bytes onto four Base64 characters.
Because the text is converted to UTF-8 first, characters outside the ASCII range — accented
letters, non-Latin scripts, and emoji — encode correctly instead of throwing an error.
Decoding
When you decode, the tool normalises the URL-safe alphabet (- and _)
back to standard Base64, ignores any whitespace or line breaks, re-adds padding if needed, and
decodes the bytes back to text as UTF-8. If the input is not valid Base64, you get a clear
message pointing at the problem.
Standard vs URL-safe
Tick URL-safe output to produce Base64URL: + becomes
-, / becomes _, and the trailing = padding
is removed. This variant is safe to drop into URLs, query strings, and filenames. Decoding
accepts either variant automatically, so you never have to pick.
Auto-detect & swap
Auto-detect mode inspects your input and chooses to encode or decode for you. The Swap button moves the result into the input and flips the mode, so you can round-trip a value and confirm it matches the original.
What is Base64?
Base64 is a binary-to-text encoding that represents binary data using a set of 64 printable ASCII characters. It is defined in RFC 4648 and is one of the most widely used encodings on the web. Its job is simple: take data that might contain bytes a text channel cannot handle and re-express it using only safe, printable characters.
How it works
- Input bytes are grouped into blocks of 3 bytes (24 bits)
- Each block is split into four 6-bit groups
- Each 6-bit group maps to one of 64 characters
- Leftover bytes are handled with
=padding
The alphabet
- A–Z → values 0–25
- a–z → values 26–51
- 0–9 → values 52–61
- + and / → values 62 and 63 (or
-and_in URL-safe)
Size note: Base64 makes data roughly 33% larger than the original, because every 3 bytes become 4 characters. That overhead is the price of being able to send binary data safely through text-only systems.
Base64 vs Base64URL
There are two common variants of the same encoding. They differ only in two characters and in how padding is handled, but choosing the wrong one can break a URL or a filename.
Standard Base64
Uses + and / and pads the end with =. This is the right
choice for email (MIME), PEM-encoded keys and certificates, and most binary-in-text storage.
The +, /, and = characters are not URL-safe, however.
URL-safe Base64URL
Replaces + with - and / with _, and usually
omits the = padding. This variant is used in JSON Web Tokens, URL query parameters,
cookies, and filenames — anywhere the standard symbols would need to be percent-encoded.
Good news: this decoder accepts both variants automatically, so you only need to choose a variant when encoding. To produce Base64URL, tick the “URL-safe output” box.
Common uses for Base64
Base64 turns up almost everywhere binary data has to travel through a text channel. Here are some of the places developers and IT professionals encounter it most often.
- Email attachments — MIME encodes binary files as Base64 in message bodies
- Data URIs — embedding images, fonts, or SVGs directly in HTML/CSS
- HTTP Basic Auth —
Authorization: Basicencodes user:password - JSON Web Tokens — header and payload are Base64URL-encoded
- PEM files — keys and certificates are Base64 wrapped in header lines
- Binary in JSON/XML — storing blobs in text-only formats
- API payloads — passing small binary values through string fields
- Config & secrets files — Base64-wrapped values (note: not encryption)
Security reminder: Base64 is encoding, not encryption. Anyone can decode it. Never rely on Base64 to protect passwords, API keys, or other secrets — use proper encryption and transport security such as TLS.
Privacy: processed locally in your browser
Everything this tool does happens entirely in your browser. When you type or paste text, it is handled exclusively by JavaScript running in your browser tab — it is never transmitted to any server, never logged, and never stored anywhere outside your device.
That makes the tool safe for inspecting Base64 you found in a config file, a token, or a log. Remember, though, that Base64 provides no secrecy: if a string contains a credential, decoding it reveals that credential in plain text, so treat the result accordingly.
Technical verification: Open your browser's developer tools (F12), select the Network tab, and encode or decode something. You will see zero outgoing requests. The tool works entirely through in-memory JavaScript execution.
Frequently asked questions
What is Base64 encoding?
Base64 is a binary-to-text encoding scheme that represents arbitrary binary data using only 64
printable ASCII characters: A–Z, a–z, 0–9,
+ and /. It works by taking three bytes (24 bits) of input and
splitting them into four 6-bit groups, each mapped to one character. The result is roughly one
third larger than the original but safe to transmit through systems that only handle text, such
as email, JSON, and URLs. Base64 is an encoding, not encryption — it provides no secrecy.
What is the difference between Base64 and Base64URL?
Standard Base64 uses + and / and pads the output with =.
Those characters have special meaning in URLs and filenames, so a URL-safe variant called
Base64URL (RFC 4648) replaces + with - and / with
_, and usually omits the = padding. The two are otherwise identical,
so a Base64URL string converts to standard Base64 by swapping those characters back and
re-adding padding. This tool can produce either variant and decodes both automatically.
Is Base64 encryption?
No. Base64 is encoding, not encryption. It does not use a key and provides no confidentiality — anyone can decode a Base64 string back to its original content with a tool like this one. Base64 only changes how data is represented so it can travel safely through text-based systems. Never use Base64 to hide passwords, tokens, or other secrets; use real encryption such as AES or TLS.
Is my data uploaded to any server?
No. All encoding and decoding happens entirely in your browser using JavaScript. Your text is never sent to any server, never logged, and never stored anywhere outside your own browser tab. You can confirm this by opening your browser's Network tab in developer tools while using the tool — you will see no outgoing requests. You can even disconnect from the internet after the page loads and it will keep working.
Does this tool support Unicode, emoji, and accented characters?
Yes. The tool encodes and decodes using UTF-8, so Unicode text — accented letters, non-Latin
scripts, and emoji — is handled correctly in both directions. Many naive Base64 implementations
break on characters outside the ASCII range because they call btoa() directly; this
tool converts text to UTF-8 bytes with TextEncoder before encoding and decodes the
bytes back with TextDecoder, so a character such as é or 😀 round-trips exactly.
Why does my Base64 string end with one or two equals signs?
The equals sign (=) is padding. Base64 encodes data in blocks of three bytes that
become four characters. When the input length is not a multiple of three, the final block is
padded so the output length stays a multiple of four: one leftover byte produces two
= signs, and two leftover bytes produce one = sign. The URL-safe
Base64URL variant often drops the padding because the length can be recomputed when decoding,
which is why this tool removes it for URL-safe output.
How do I decode a Base64 string?
Paste the Base64 (or Base64URL) string into the input box and choose Decode mode, or use Auto-detect and the tool will recognise it for you. The decoded text appears instantly in the output panel. Whitespace and line breaks in the pasted string are ignored, and both the standard and URL-safe alphabets are accepted. If the string is not valid Base64, the tool shows a clear error explaining what is wrong, such as an invalid character and its position.
Why am I getting an “invalid Base64” error?
A decode error usually means the input contains characters that are not part of the Base64
alphabet (A–Z, a–z, 0–9, +, /,
or -, _ for URL-safe), or that the string is incomplete. Common causes
are copying only part of the string, including surrounding quotes or labels, or trying to decode
plain text that was never Base64-encoded. The tool points to the first invalid character and its
position. If the data decodes but is not valid UTF-8, it is probably binary data such as an
image, which this text tool does not display.
Can I encode files or images with this tool?
Not in this version. This tool focuses on encoding and decoding text. File and image (data URI) encoding may be added later, but for now it accepts typed or pasted text only. If you paste Base64 that was produced from a binary file, the tool will decode it but report that the result is not valid UTF-8 text, because binary data cannot be shown as readable characters.
Where is Base64 actually used?
Base64 appears throughout modern computing. It carries binary attachments inside text-only email (MIME), embeds images and fonts in HTML and CSS as data URIs, encodes credentials in HTTP Basic Authentication headers, forms the header and payload of JSON Web Tokens (URL-safe variant), stores binary blobs inside JSON and XML, and packages keys and certificates in PEM files. Anywhere binary data must pass through a channel that only reliably handles text, Base64 is a common solution.