Base64 Encoder & Decoder
Encode and decode Base64 strings online. Convert text, files and images to Base64 format. Free Base64 encoder/decoder tool with copy button
Base64 turns arbitrary bytes into a 64-character ASCII subset (A-Z, a-z, 0-9, +, /) so binary data can travel through text-only channels: email bodies, JSON payloads, JWT segments, data URIs. It is not encryption, not compression, and it makes data 33% larger — but it is the standard way to put bytes where bytes are not allowed. This encoder handles standard Base64 (RFC 4648 §4) and URL-safe Base64 (§5, with - and _ in place of + and /), and decodes both correctly regardless of padding.
How it actually works
Base64 takes input bytes in groups of 3 (24 bits) and outputs 4 characters (4 × 6 = 24 bits). Each output character represents 6 bits, looked up in the 64-character alphabet. If the input length is not a multiple of 3, the encoder pads the output with one or two = characters to keep the alignment. This is why Base64 strings always have lengths that are multiples of 4 when padded — and why decoders must accept missing padding gracefully (some encoders strip it).
Working example
Input
Hello
Output
Bytes: H e l l o ASCII: 72 101 108 108 111 Binary: 01001000 01100101 01101100 01101100 01101111 Group into 6-bit chunks: 010010 000110 010101 101100 011011 000110 1111(00) Lookup in alphabet: S G V s b G 8 + padding Result: SGVsbG8=
The trailing = is one byte of padding because the input length (5) is not divisible by 3. The decoder uses the = to know which bits are real and which are filler.
Standard vs URL-safe Base64
Standard Base64 uses + and / for indices 62 and 63. URL-safe Base64 replaces them with - and _ because + and / have special meaning in URLs and filenames. They are otherwise identical and one-to-one mappable. JWTs use URL-safe Base64 specifically because the tokens travel in URL query strings and HTTP headers.
- Standard: SGVsbG8gV29ybGQ/ — the / breaks in URL paths and filesystem paths
- URL-safe: SGVsbG8gV29ybGQ_ — drop-in for URLs and storage keys
- Some encoders also strip the = padding from URL-safe variants — decoders must add it back internally before processing
When to reach for this tool
- You have a base64-encoded image (data URI) and need to inspect what file format is actually inside (PNG starts with iVBORw0K, JPEG with /9j/, PDF with JVB).
- You are debugging an HTTP Basic Auth header (Authorization: Basic ...) and need to recover the user:pass from the encoded portion.
- You are sanity-checking a JWT payload that another service is sending — paste just the middle segment to decode.
- You are embedding a small binary asset (icon, font) into a JSON config or HTML file as a data URI.
What this tool will not do
- It will not decrypt anything. Base64 is encoding, not encryption — there is no key. If your "encrypted" string decodes cleanly to plaintext, it was never encrypted.
- It will not compress your data. Base64 grows the input by 33% (plus padding). For network transfer of binary, use the actual binary format (or gzip) wherever possible.
- It will not handle very large files efficiently in pure JavaScript. For multi-GB binary data, use a streaming library on the server side; pasting an entire video into a text box is going to disappoint.
Encoding happens locally in your browser. Pasting an authorization header to a server-side decoder leaks the embedded credentials. This decoder works offline.
Frequently asked questions
Why does my Base64-encoded JSON look different from the same JSON encoded elsewhere?
Either character encoding (UTF-8 vs UTF-16) or line endings (\n vs \r\n) differ between the two inputs. Base64 is byte-exact: identical bytes produce identical Base64 output. Compare the raw byte sequences before assuming Base64 itself is at fault.
How do I tell standard from URL-safe Base64?
Standard contains + and / characters; URL-safe contains - and _. If the string contains neither, both decoders produce the same result and you cannot tell. Try standard first — if decoding fails, try URL-safe.
My decoded text contains weird characters. Is the Base64 broken?
Probably not. Base64 decodes back to raw bytes; if those bytes are not UTF-8 text (binary file, UTF-16, Latin-1) they will display as garbage. Check whether the original input was actually text or a binary blob.
Can I use Base64 to hide a password in client-side code?
No. Anyone with a browser dev tools can decode it in five seconds. Base64 is not a security mechanism. If you need a secret in client-side code, the architecture is wrong.
Why does my Base64 string have == at the end?
Padding. The original byte length was congruent to 1 mod 3, so the encoder added 2 bytes of padding to keep the output a multiple of 4 characters. = means "this position holds no real data". The decoder uses padding to know exactly how many output bytes to produce.
Is Base64 case-sensitive?
Yes. A and a represent different 6-bit values (0 and 26 respectively). Mangling case will corrupt the decoded output.
Related tools
Encode and decode URLs online. Convert special characters to percent-encoding for safe URLs. Free URL encoder/decoder tool for developers
Encode and decode HTML entities online. Convert special characters like <, >, &, quotes to HTML entities. Free HTML escape/unescape tool
Convert images to Base64 encoded strings for embedding in HTML/CSS. Support for PNG, JPEG, GIF, WebP. Free online image to data URI converter
Decode and inspect JWT tokens. View header, payload, signature. Verify JWT expiration and claims. Free online JSON Web Token decoder and debugger
Generate JSON Web Tokens with custom claims. Support for HS256, HS384, HS512 algorithms. Set expiration, issuer, subject, audience. Free online JWT generator
Convert numbers between binary, octal, decimal, hexadecimal and custom bases (2-36). Free online number system converter for programmers
Last updated · E-Utils editorial team