Base64 Encoder / Decoder

Encode plain text to Base64 or decode Base64 back to readable text.

About Base64 Encoder / Decoder

Base64 is an encoding scheme that converts binary data into a text format using 64 printable ASCII characters (A–Z, a–z, 0–9, +, and /). It is widely used in web development, email systems, and API authentication to safely transmit binary data over text-based channels.

How to use

Type or paste your text into the input field, then click Encode to convert it to Base64, or paste a Base64 string and click Decode to get the original text back. Use Swap output to input to chain multiple operations. Everything runs in your browser using the native btoa and atob APIs.

Common use cases

  • HTTP Basic Auth — credentials are sent as Base64-encoded username:password in the Authorization header.
  • Data URIs — embed small images, fonts, or files directly in HTML or CSS without a separate HTTP request.
  • Email attachments — MIME encodes binary attachments as Base64 so they can be transported as text.
  • JSON APIs — encode binary blobs (images, PDFs) to include them in JSON payloads that cannot contain raw binary.
  • JWT tokens — the header and payload of a JSON Web Token are Base64URL-encoded strings.

About the Base64 Encoder

Base64 is an encoding scheme that represents arbitrary binary data using only 64 printable ASCII characters (A–Z, a–z, 0–9, plus + and / and = as padding). It was designed in the 1980s so that email — which historically supported only 7-bit ASCII — could carry binary attachments. Today it is everywhere: data URIs in CSS and HTML, embedded images in HTML email, the payload section of JSON Web Tokens, HTTP Basic authentication headers, and binary fields embedded inside JSON or XML documents.

This tool encodes any input string to Base64 and decodes Base64 back to plain text. It runs entirely in your browser using the standard btoa/atob and TextEncoder APIs, so input never leaves your device.

Base64 is not encryption

A common misconception is that Base64 hides data. It does not — Base64 is a deterministic, reversible encoding. Anyone who recognises a Base64 string can decode it instantly. Use it for transport encoding (making binary safe for text channels), never for confidentiality. For confidentiality, use real encryption (AES, RSA, or a higher-level system like libsodium); for integrity-only checks, use a cryptographic hash.

Encoding overhead and padding

Base64 expands data by exactly 4/3 (about 33%) because every 3 bytes of input become 4 output characters. The trailing equals signs (=) are padding, added when the input length is not a multiple of 3 to make the output length a multiple of 4. URL-safe Base64 (used in JWTs) replaces + with -, / with _, and often omits the padding entirely.

How to use the Base64 Encoder

  1. Paste text to encode

    Drop any string into the input area. Unicode is fully supported — emoji, accented characters, and non-Latin scripts all encode correctly.

  2. Or paste Base64 to decode

    Switch to decode mode and paste a Base64 string. The original text reappears.

  3. Copy the result

    One-click copy puts the encoded or decoded string on your clipboard.

Worked examples

Example 1

Input: Hello

Result: SGVsbG8=

Five-character input padded with one = to align the output to a 4-character boundary.

Example 2

Input: ToolBox

Result: VG9vbEJveA==

Seven-character input requires two = signs of padding.

Example 3

Input: 🚀 launch

Result: 8J+agCBsYXVuY2g=

Unicode emoji encode correctly because the tool applies UTF-8 encoding before Base64.

Real-world use cases

  • Embedding small images directly in CSS or HTML via data URIs.
  • Encoding HTTP Basic authentication credentials (username:password) for an Authorization header.
  • Carrying binary data inside a JSON field that does not natively support binary.
  • Reading the header or payload of a JSON Web Token (which is Base64-URL-encoded).
  • Quickly checking whether a string is itself Base64-encoded by attempting to decode it.

Tips & common mistakes

  • If you see + or / in a Base64 string used inside a URL, it is likely standard Base64 — URL-safe Base64 uses - and _ instead. Use the URL Encoder if you need to wrap standard Base64 in a URL.
  • Padding (=) is sometimes omitted from URL-safe variants. Most decoders accept the missing padding silently.
  • Encoding then decoding does not always return byte-identical bytes if the original was not valid UTF-8. For arbitrary binary, work with bytes directly rather than going through strings.
  • Do not use Base64 as a "lightweight obfuscation" for sensitive data. It provides no security at all.

Frequently asked questions

Why does the encoded string end in equals signs?

Those are padding characters. They make the output length a multiple of four, which simplifies decoding. Standard Base64 always pads; URL-safe variants often omit padding.

Is my input uploaded anywhere?

No. The browser's built-in btoa/atob functions perform the conversion locally. Nothing is sent over the network.

What happens if I try to decode an invalid string?

The decoder throws an error and the tool surfaces a clear message. The most common cause is an unsupported character (such as a space or +) or wrong padding.

Can I use Base64 to "encrypt" sensitive data?

No. Base64 is not encryption — anyone can decode it. Use real cryptography for confidentiality.

Related tools

JWT DecoderURL EncoderHash GeneratorHTML Entities

Last updated: June 2026 · All processing happens locally in your browser.