Base64 Encoder & Decoder

Encode text and files to Base64 or decode Base64 back to text and files — instantly, in your browser.

How to use

  1. Choose the Encode or Decode tab.
  2. Type or paste your text, or upload a file.
  3. The result appears instantly — copy it or download it.

What is Base64?

Base64 is a way of representing binary data using only printable ASCII characters. It takes any data — text, an image, a PDF, a cryptographic key — and re-expresses it using a fixed set of 64 safe characters: the letters A–Z and a–z, the digits 0–9, and the two symbols + and /, with = used for padding. The point is not to hide or compress data, but to make it survive transport through systems that were only designed to handle plain text, such as email, URLs, JSON and HTML.

This tool lets you encode any text or file into Base64, and decode Base64 back into the original text or file. Everything happens directly in your browser, so your data never leaves your device — making it safe to encode and decode sensitive content without uploading it anywhere.

How Base64 works

Base64 works by regrouping bits. Ordinary bytes are eight bits each, but Base64 splits the data into groups of six bits instead. Six bits can represent 64 different values (2 to the power of 6), and each of those values maps to one character in the Base64 alphabet — which is where the name comes from.

Concretely, the encoder takes three bytes of input (24 bits) and divides them into four groups of six bits, producing four Base64 characters. That is why Base64 output is always a multiple of four characters long, and why encoded data is roughly 33% larger than the original: every three bytes become four characters. When the input length is not a multiple of three, the encoder pads the final group with one or two = signs so the output still lines up to a multiple of four. Decoding simply reverses the process: it maps each character back to six bits, reassembles them into eight-bit bytes, and discards the padding.

A common variant is URL-safe Base64, which replaces + and / with - and _ so the result can be placed in a URL or filename without escaping. This decoder accepts both the standard and URL-safe alphabets automatically, and tolerates line breaks and whitespace, so you can paste data copied from almost anywhere.

Common use cases

Base64 shows up all over modern software because so many systems are text-only. The most common uses include:

  • Data URIs. Small images, fonts and icons can be embedded directly in HTML or CSS as data:image/png;base64,…, avoiding an extra network request.
  • Email attachments. The MIME standard uses Base64 to send binary attachments through email, which is fundamentally a text protocol.
  • Embedding binary in JSON and XML. Since JSON and XML carry text, binary payloads such as images or files are Base64-encoded before being placed inside them.
  • Authentication headers. HTTP Basic Authentication sends username:password as a Base64 string, and JSON Web Tokens (JWTs) Base64url-encode their header and payload.
  • Storing or transmitting keys and certificates. PEM files wrap Base64-encoded binary keys between header and footer lines.
  • Copy-paste of binary data. When you need to move binary content through a channel that only accepts text — a chat message, a config file, a form field — Base64 makes it possible.

Security considerations

The single most important thing to understand about Base64 is that it is not encryption. It provides no security, secrecy or protection whatsoever. Anyone can decode a Base64 string in seconds — exactly as this tool does — so it must never be used to hide passwords, tokens or any sensitive information. If you see a "Base64 encoded password" in a configuration file, treat it as plaintext, because that is effectively what it is.

If you need to protect data, use real cryptography: encrypt it with a proven algorithm such as AES, and only then, if necessary, Base64-encode the ciphertext for safe transport. Base64 is the envelope, not the lock. A few other practical points are worth remembering: Base64 increases data size by about a third, so it is not suitable for large payloads where bandwidth matters; always validate input before decoding, since malformed Base64 can cause errors; and when you display decoded data on a web page, escape it properly to avoid cross-site scripting, because decoded content can contain anything — including HTML or script. This tool renders decoded output safely as plain text for exactly that reason.

Standard vs URL-safe Base64

Because the standard Base64 alphabet includes + and /, and uses = for padding, it can cause problems in places where those characters have special meaning — most notably in URLs, where / is a path separator and + can be interpreted as a space, and in filenames, where / is illegal. To solve this, a URL-safe variant swaps + for - and / for _, and often drops the padding altogether. This is the encoding used inside JSON Web Tokens and many web APIs. You do not need to worry about which variant you have when decoding here: this tool automatically recognises both alphabets and ignores any whitespace or line breaks, so data copied from an email header, a token, or a PEM certificate all decode correctly without manual cleanup.

Base64 vs encryption and hashing

It is worth being precise about how Base64 differs from two things it is often confused with. Encryption transforms data using a secret key so that only someone with the key can read it; it is reversible, but only with that key. Hashing produces a fixed-length fingerprint of data that cannot be reversed at all, and is used for integrity checks and password storage. Base64 is neither: it is a reversible, keyless, public transformation that anyone can undo. Encoding a password in Base64 gives you exactly zero protection. The correct pattern, when you need both security and safe transport, is to encrypt or hash first and Base64-encode the result afterwards purely so it can travel as text. Keeping these three concepts straight will save you from a whole class of security mistakes.

Encoding and decoding with this tool

Use the Encode tab to turn text or an uploaded file into Base64, and the Decode tab to turn Base64 back into readable text or a downloadable file. Conversion is live as you type, the character counts update instantly, and you can copy the result or download it with a single click. If you paste something that is not valid Base64, the decoder tells you clearly instead of producing garbage. It is a fast, private, no-signup way to work with Base64 whenever you need it.

Frequently asked questions

Base64 represents binary data as text so it can travel safely through text-only systems like email, JSON, URLs and HTML.

Yes, it is completely free with no sign-up and no limits.

No. Encoding and decoding happen entirely in your browser, so your data never leaves your device.

No. Base64 is encoding, not encryption — anyone can decode it. Never use it to protect secrets.

Base64 turns every 3 bytes into 4 characters, so the output is about 33% larger than the input.

Yes. Use the Upload option on the Encode tab to convert any file to a Base64 string.

Yes. If the decoded data is binary, you can download it as a file; text is shown directly.

Yes. The decoder accepts both standard and URL-safe Base64, and ignores whitespace and line breaks.

The input is not valid Base64 — it may contain invalid characters or have incorrect padding.

The in-browser tool handles large inputs; the optional server API accepts up to 3 MB of text or 5 MB files.