Base64 Encode & Decode

Understanding Base64 Encoding and Decoding

Base64 is one of those quiet workhorses of the internet that almost everyone relies on without ever noticing it. Every time you embed a small image directly inside a stylesheet, open an email with an attachment, or inspect the token your app sends to a server, there is a very good chance you are looking at Base64. This tool lets you convert plain text into Base64 and back again, instantly and entirely within your own browser, so you can inspect data, debug an API, or prepare a value for a configuration file without sending anything to a server.

What Base64 Actually Is

At its heart, Base64 is a way of representing binary data using only 64 printable characters: the uppercase letters A to Z, the lowercase letters a to z, the digits 0 to 9, and two extra symbols, the plus sign and the forward slash. The name comes from the fact that the scheme draws from an alphabet of 64 symbols. The encoder takes the raw bytes of your data, groups them into chunks of three bytes (24 bits), and then splits each chunk into four groups of six bits. Because six bits can represent 64 possible values, each group maps neatly onto one character of the Base64 alphabet. When the input does not divide evenly into groups of three bytes, the encoder pads the result with one or two equals signs so the output length is always a multiple of four.

Why Base64 Exists

Computers store everything as binary, but many of the systems we use to move data around were originally designed only for text. Early email protocols, for instance, expected messages to contain printable characters and could mangle or strip out raw binary bytes such as the control characters that appear in an image or a compressed file. Base64 solves this by translating arbitrary binary into a safe, text-only form that survives transmission through channels that only understand text. The trade-off is size: because Base64 uses four characters to represent every three bytes, the encoded output is roughly 33 percent larger than the original. That overhead is the price you pay for guaranteed safe transport.

Where You See Base64 Every Day

Base64 turns up in more places than most people realise:

• Data URIs: small images, fonts, and icons can be embedded directly into HTML or CSS as data:image/png;base64,... strings, saving an extra network request.
• Email attachments: the MIME standard that powers modern email uses Base64 to encode attached files so they travel safely through mail servers.
• Embedding images and fonts: build tools often inline assets as Base64 to reduce the number of files a page must download.
• JSON Web Tokens (JWT): the header and payload of a JWT are Base64URL-encoded JSON objects, which is why you can decode the middle section of a token to read its claims.
• HTTP Basic authentication: the classic Authorization: Basic header carries a username and password joined by a colon and encoded with Base64.
• Storing binary in text formats: configuration files, XML, and APIs frequently carry certificates, keys, or small blobs as Base64 because those formats are text-based.

How to Use This Tool, Step by Step

Using the converter above takes only a moment:

• Choose a mode. Click Encode to turn plain text into Base64, or Decode to turn Base64 back into readable text.
• Enter your input. Type directly into the input box or paste a value from elsewhere. The placeholder text reminds you which direction you are working in.
• Set options if needed. Tick URL-safe to produce output suitable for URLs and filenames, and tick Strip = padding if you want the trailing equals signs removed.
• Run the conversion. Press the matching button. The result appears immediately in the output box below.
• Copy or swap. Use Copy to put the result on your clipboard, or Swap input/output to feed the result back into the input so you can quickly reverse the operation.

Standard Base64 Versus URL-Safe Base64

Standard Base64 uses the plus sign and the forward slash as its two extra characters. That is fine in most contexts, but both of those characters have special meanings inside URLs: the plus can be interpreted as a space, and the slash separates path segments. To avoid this, a variant called URL-safe Base64 replaces the plus with a hyphen and the slash with an underscore. The rest of the alphabet stays the same. URL-safe Base64 is what JSON Web Tokens use, and it is the right choice whenever the encoded value will appear in a web address, a query parameter, or a filename. When you tick the URL-safe option in this tool, the encoder swaps those characters automatically, and the decoder reverses the swap before decoding so both standard and URL-safe input are accepted.

Important: Base64 Is Encoding, Not Encryption

This point deserves emphasis because it is the single most common misunderstanding about Base64. Encoding a value does not protect it. Base64 is a reversible, public transformation with no secret key involved. Anyone who sees a Base64 string can decode it back to the original in seconds, exactly as this tool does. It provides no confidentiality whatsoever. Never treat Base64 as a way to hide passwords, API keys, personal information, or any other sensitive data. If you need to keep something secret, you need real encryption, such as AES, and proper key management. Base64 simply makes binary data safe to transport as text; security is an entirely separate concern.

The Size Overhead

Because every three bytes of input become four characters of output, Base64 increases the size of your data by approximately one third, or about 33 percent. For a tiny icon this is negligible, but for larger files the growth becomes meaningful, which is why you generally inline only small assets as data URIs and serve larger files normally. The padding characters add a tiny amount more. If you are deciding whether to embed something as Base64, weigh the saved network request against this extra weight.

Troubleshooting Invalid Input

When decoding fails, it is almost always because the input is not valid Base64. Common causes include stray spaces or line breaks copied from another document, missing padding characters at the end, characters that are not part of the Base64 alphabet, or a URL-safe string that was decoded without enabling the URL-safe option. This tool is forgiving where it safely can be: it trims whitespace, accepts both standard and URL-safe characters, and automatically restores any missing padding before decoding. If you still see an error, double-check that you copied the entire string and that you are in Decode mode rather than Encode mode.

Privacy and In-Browser Processing

Everything this converter does happens locally, in the JavaScript running inside your browser tab. Your text is never uploaded, logged, or stored on any server, because there is no server step involved in the conversion at all. That makes the tool safe to use even with internal identifiers or debugging data, and it means it keeps working instantly even if your connection drops. When you close the tab, whatever you entered is gone. The encoding itself is UTF-8 aware, so accented letters, emoji, and characters from any language are handled correctly in both directions rather than being corrupted, which is a common failing of naive Base64 implementations.