Base64 Encoder & Decoder

Encode and decode Base64 data for APIs and applications.

Paste text or Base64 and get results in milliseconds. Built for APIs, debugging, and data URLs.

By EverydayTools Team ·

🔒 PrivateRuns locally⚡ InstantMilliseconds🚫 No UploadNo server

Input Text

0 characters

Paste plain text to encode or Base64 string to decode instantly.

✨ Supports JSON, JWT, URLs, HTML, CSS, and more

Supports plain text files (.txt, .json, .xml, .html, .css, .js, .md) up to 1MB
Ctrl + Enter to convert

Base64 Output

0 characters
Enter text to encode or a Base64 string to decode.
Ctrl + Enter to convertCtrl + Shift + C to copy outputAuto Convert uses a 300ms debounce

Advertisement

What is Base64?

Base64 is a binary-to-text encoding scheme defined in RFC 4648. It represents binary data using only 64 printable ASCII characters: A–Z (26), a–z (26), 0–9 (10), and the symbols + and / (2). An = character is used as padding. This makes it safe to transmit binary data through channels that only handle ASCII text — such as email bodies, JSON fields, XML, HTML attributes, and HTTP headers.

Base64 is not encryption. It is reversible encoding — anyone can decode it without a key. Do not use Base64 to secure sensitive data.

Key fact: Base64 encodes every 3 bytes of input into 4 ASCII characters, which increases data size by approximately 33%. A 300KB image becomes ~400KB when Base64-encoded.

How Base64 Encoding Works

The encoding process works in 3-byte chunks:

  1. Take 3 bytes (24 bits) of input
  2. Split into four 6-bit groups
  3. Map each 6-bit value (0–63) to the Base64 alphabet
  4. If the input is not a multiple of 3 bytes, add = padding to complete the output

Example: The text Man (3 bytes: 77, 97, 110) encodes to TWFu. The text Ma (2 bytes) encodes to TWE= (one = padding). The text M (1 byte) encodes to TQ== (two = padding).

10 Common Uses of Base64

Data URIs (Inline Images)

<img src="data:image/png;base64,iVBORw0K..." />

Embed images directly in HTML or CSS without a separate HTTP request. Best for small icons and thumbnails.

JWT Tokens

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0...

JSON Web Tokens use Base64url (URL-safe Base64) to encode the header and payload. The signature is also Base64url encoded.

HTTP Basic Authentication

Authorization: Basic dXNlcjpwYXNz

Base64(username:password) is placed in the Authorization header. Note: this is NOT secure without HTTPS.

Email Attachments (MIME)

Content-Transfer-Encoding: base64

Email protocols (SMTP) are text-only. MIME uses Base64 to encode binary attachments (PDFs, images) for transport.

API Payloads

{"image": "SGVsbG8=", "type": "png"}

REST APIs that accept JSON cannot include raw binary. Base64-encode binary data (images, PDFs) to include them in JSON payloads.

Storing Binary in Databases

INSERT INTO files (data) VALUES ('SGVsbG8=')

VARCHAR or TEXT columns cannot store binary blobs cleanly. Base64 encoding allows binary storage in text fields as a workaround.

CSS Background Images

background: url(data:image/svg+xml;base64,...)

Inline SVGs and small images in CSS using data URIs. Eliminates HTTP round-trips for critical above-the-fold assets.

Cryptographic Keys and Certificates

-----BEGIN PUBLIC KEY----- MIIBIjANBgkq...

PEM format (used for TLS certificates, SSH keys, and crypto keys) is Base64-encoded DER binary data.

Cookie Values

Set-Cookie: session=dXNlcjoxMjM=

Base64 encoding ensures cookie values contain only safe ASCII characters, avoiding issues with special characters in cookie parsing.

Environment Variables for Binary Secrets

PRIVATE_KEY=LS0tLS1CRUdJTi4uLg==

Storing binary secrets (private keys, certificates) as Base64 in environment variables avoids newline and special character issues.

Standard Base64 vs URL-Safe Base64

VariantCharacter 62Character 63PaddingUse case
Standard (RFC 4648 §4)+/=Email, files, general use
URL-safe (RFC 4648 §5)-_OptionalJWT, URLs, filenames, cookies

The standard + and / characters have special meanings in URLs (+ = space, / = path separator). URL-safe Base64 replaces them so encoded data can be used in URLs and query strings without percent-encoding.

Base64 in Code — Quick Reference

JavaScript (Browser)

Encode:
btoa("Hello, World!")
Decode:
atob("SGVsbG8sIFdvcmxkIQ==")

btoa/atob work for ASCII. For Unicode, use TextEncoder + Uint8Array.

JavaScript (Node.js)

Encode:
Buffer.from("Hello").toString("base64")
Decode:
Buffer.from("SGVsbG8=", "base64").toString()

Buffer supports UTF-8 and binary natively.

Python

Encode:
import base64 base64.b64encode(b"Hello")
Decode:
base64.b64decode("SGVsbG8=")

Use urlsafe_b64encode() for URL-safe variant.

PHP

Encode:
base64_encode("Hello")
Decode:
base64_decode("SGVsbG8=")

For URL-safe, replace +→- and /→_ after encoding.

Example

This example shows how plain text is converted to Base64 and decoded back to readable text.

Try this example above to see it in action instantly.

Click an example to try it instantly

Working with auth tokens? Decode JWT base64url segments and inspect claims using our JWT decoder online tool for faster authentication debugging.

By Muhammad Abdullah Rauf · Founder, EverydayTools.proUpdated 2026

Quick answers

Concise answers for common searches — definitions, steps, and comparisons.

How does Base64 encoding actually work mechanically?

Base64 encoding converts binary data into printable ASCII text by mapping every 3 bytes of input (24 bits) into four 6-bit groups, each represented by one character from the Base64 alphabet (A–Z, a–z, 0–9, +, /). Because 6 bits can represent 64 values (2^6 = 64), the entire mapping fits in 64 printable characters. If input length is not divisible by 3, one or two padding bytes are added and the output ends with = or ==. The result is always 33% larger than the input: 3 bytes → 4 characters.

What is the difference between standard Base64 and Base64URL encoding?

Standard Base64 (RFC 4648 §4) uses + and / as the 62nd and 63rd characters, and = for padding. These characters have reserved meanings in URLs — + means space in form data, / is a path separator, = breaks some URL parsers. Base64URL (RFC 4648 §5) replaces + with - and / with _ and makes padding optional, producing output that is safe in URLs, HTTP headers, and cookies with no further escaping. JWTs always use Base64URL for their header and payload sections. Rule: use standard Base64 for MIME email and HTTP body content; use Base64URL for URLs, JWT tokens, and cookie values.

How is Base64 used in HTTP Basic Authentication?

HTTP Basic Authentication (RFC 7617) encodes credentials as Base64(username:password) and sends them in the Authorization header. The exact format is: Authorization: Basic <Base64(username:password)>. Example: username=admin, password=secret → Base64('admin:secret') → 'YWRtaW46c2VjcmV0' → header value 'Basic YWRtaW46c2VjcmV0'. Important: this encoding is NOT encryption — anyone who intercepts the header can decode it instantly. Always use HTTPS to protect Basic Auth credentials in transit. Never use Basic Auth over plain HTTP.

Can Base64 decode recover encrypted data?

No. Base64 is reversible encoding with no key — decoding always yields the original bytes. Encryption (AES-GCM, ChaCha20-Poly1305) requires a secret key and produces ciphertext that cannot be read without decryption. Symptom of confusion: developers Base64-encode AES ciphertext for transport (correct) but stakeholders call it 'encrypted with Base64' (incorrect). If decoding produces readable JSON or text, it was only encoded. True encryption output looks like random bytes when Base64-decoded.

How to use Base64 Encoder & Decoder

  1. Choose encode or decode

    Select 'Encode' to convert plain text or binary data to Base64, or 'Decode' to convert a Base64 string back to its original content.

  2. Paste your input

    Enter the text string or Base64-encoded value in the input field. Results update instantly — no button click needed for most inputs.

  3. Choose URL-safe mode if needed

    Enable URL-safe Base64 to replace + with - and / with _ — required when embedding Base64 in URLs, query parameters, or JWT tokens where standard characters cause parsing errors.

  4. Copy the output

    Click 'Copy' to send the result to your clipboard. All processing runs entirely in your browser — no data is transmitted to any server.

Who uses Base64 Encoder & Decoder?

Common real-world scenarios where this tool saves time.

HTTP Basic Auth headers

Encode API credentials (username:password) to Base64 for Basic Auth HTTP headers. Required by many REST APIs, developer portals, and legacy authentication systems as the standard credential transport format.

Email MIME attachments

MIME encoding uses Base64 to embed binary files — images, PDFs, audio — as text blocks inside email messages. This allows binary files to pass through email protocols that only support printable ASCII characters.

Inline data URIs in HTML/CSS

Convert small images, fonts, or SVGs to Base64 data URIs (src='data:image/png;base64,...') to embed them directly in HTML or CSS without separate HTTP requests — reduces round trips for small critical assets.

JWT token inspection and debugging

JWT header and payload sections are Base64URL-encoded JSON. Decode either section during debugging to inspect claims (expiry, user ID, scopes, issuer) without needing a JWT library or auth server access.

Workflow guides

Step-by-step chains that connect related tools for common tasks.

Decode JWT credentials → inspect claims

  1. Decode a Base64 or Base64URL payload here to read its raw bytes or text.
  2. If the decoded value is a JSON Web Token (header.payload.signature), paste the full token string into JWT Decoder to read claims (sub, exp, iss) with automatic timestamp conversion.

Build HTTP Basic Auth header → encode for OAuth or API requests

  1. Encode a redirect_uri or callback URL with URL Encoder/Decoder to make it safe for inclusion in query parameters.
  2. Base64-encode the 'username:password' credential string here using standard Base64 — the result is the value after 'Basic ' in the Authorization header.

Base64 Encoder & Decoder examples

HTTP Basic Auth header

Input

Username: apiuser  ·  Password: s3cr3t!

Output

Base64('apiuser:s3cr3t!') = YXBpdXNlcjpzM2NyM3Qh  →  Authorization: Basic YXBpdXNlcjpzM2NyM3Qh

HTTP Basic Auth combines credentials as 'username:password', encodes to Base64, and sends the result as an Authorization header. This illustrates why Basic Auth is not secure without HTTPS — the credentials are trivially decoded by anyone who intercepts the header.

Decode a JWT payload section

Input

JWT payload segment: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ

Output

{"sub":"1234567890","name":"John Doe","iat":1516239022}

JWT tokens consist of three Base64URL-encoded sections separated by dots (header.payload.signature). Decode the middle section to inspect claims — user ID, issued-at time, expiry, roles — without needing a library. Decoding reveals the content but does not verify the signature.

Inline image as data URI

Input

Small PNG icon binary data (e.g. a 1×1 red pixel)

Output

src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8z8BQDwADhQGAWjR9awAAAABJRU5ErkJggg=="

Encode small images to Base64 and embed them directly as data URIs in HTML or CSS — eliminating an HTTP request. Keep this technique to images under 10 KB; larger files cause more harm than good by bloating the HTML document.

How Base64 encoding works

Base64 is defined in RFC 4648. The encoder reads input 3 bytes at a time (24 bits), splits those 24 bits into four 6-bit groups, and maps each 6-bit value to a character in the Base64 alphabet (A=0, B=1, … Z=25, a=26, … z=51, 0=52, … 9=61, +=62, /=63). When input length is not a multiple of 3, the final group is padded with zero bits and '=' padding characters are appended to produce a 4-character-aligned output. URL-safe Base64 (RFC 4648 §5) substitutes '+' with '-' and '/' with '_' to produce output safe for URL path segments and query parameters without percent-encoding.

Sources

Reference tables

Base64 alphabet variants compared

Different Base64 standards use different character sets for characters 62 and 63.

VariantChar 62Char 63PaddingDefined InCommon Use
Standard Base64+/= (required)RFC 4648 §4MIME email, HTTP headers, general encoding
URL-safe Base64-_= (optional)RFC 4648 §5JWT tokens, URL parameters, filenames
Base64 for IMAP (Modified UTF-7)+,NoneRFC 3501IMAP mailbox names
bcrypt Base64./Nonebcrypt specbcrypt password hashes only

Encoding comparison: Base64 vs other text-encoding schemes

When to use Base64 vs alternatives for binary-to-text conversion.

EncodingSize overheadCharacter setBest for
Base64+33%64 printable ASCII charsBinary data in text protocols (email, JSON, HTTP)
Hex (Base16)+100%0–9, a–f (16 chars)Checksums, hashes, color codes — human-readable bytes
URL encoding (%XX)Varies% + hex digitsSpecial characters in URL components
Base32+60%A–Z, 2–7 (32 chars)Case-insensitive environments, TOTP secrets
Raw binary0%All 256 byte valuesFiles — not safe for text protocols

When to use Base64 Encoder & Decoder vs related tools

Related toolUse this tool whenUse related tool when

Best practices

Use URL-safe Base64 for tokens and URLs

Strip whitespace before decoding

Do not Base64-encode passwords

Compress before encoding large binary data

Validate output length for integrity checks

Common mistakes to avoid

Treating Base64 as encryption

Base64 provides zero security. Anyone who sees a Base64 string can decode it instantly. Use HTTPS for transport security and proper encryption (AES-256) for data at rest. Never store passwords or secrets as Base64 — use hashing (bcrypt, Argon2) instead.

Using standard Base64 in URLs

Standard Base64 uses '+' and '/' which have special meaning in URLs and must be percent-encoded (%2B, %2F). Use URL-safe Base64 (replaces + with - and / with _) for tokens, query parameters, and JWT signatures.

Expecting compressed output

Base64 output is always 33% larger than input — it is an encoding, not a compression algorithm. If size matters, compress the data first (gzip, deflate) then Base64-encode the compressed result.

Troubleshooting

Decoded output is garbled / unreadable text

Fix:

Invalid character in Base64 string error

Fix:

Output ends with unexpected === padding

Fix:

btoa() TypeError: failed to execute on string with non-Latin1 characters

Fix:

Data URI image is not displaying in browser

Fix:

Advertisement

Frequently Asked Questions

Is Base64 the same as encryption?

No. Base64 is encoding, not encryption. It converts binary data to printable ASCII text for safe transmission through text-only protocols. Anyone can decode it instantly — it provides no security or confidentiality. For security, use HTTPS for transmission and AES-256 encryption for data at rest.

What is the difference between Base64 and Base64URL?

Standard Base64 uses A–Z, a–z, 0–9, +, and /. URL-safe Base64 (Base64URL) replaces + with - and / with _ to avoid characters that have special meaning in URLs and HTTP headers. Use URL-safe Base64 whenever embedding the output in a URL, cookie, or query value.

Why does Base64 output end with = or ==?

Base64 processes input in 3-byte groups. When input length is not a multiple of 3, the final group is padded to produce a complete 4-character block. One = means one padding byte was added; == means two were added. The total output length is always a multiple of 4 characters.

Where does Base64 encoding run?

In your browser via btoa/atob (or FileReader for files). Tokens, keys, and file bytes are not sent to EverydayTools servers during encode or decode.

Can Base64 encode binary files, not just text?

Yes. Base64 encodes any binary data — images, PDFs, audio, executables. The output is always ASCII text regardless of input type. Binary content produces valid Base64 but the decoded output must be handled as binary (saved as a file), not displayed as text in a text area.

Why does my decoded output look like gibberish?

The encoded input is likely a binary file (image, PDF, zip archive) rather than text. Base64 encodes any binary data, but displaying binary bytes as text produces unreadable characters. Download the decoded output as a file rather than reading it as text.

What is the size overhead of Base64 encoding?

Base64 output is always approximately 33% larger than the input. Every 3 bytes of input produces 4 Base64 characters. Including line breaks (MIME format adds one every 76 characters), the overhead rises slightly to about 37%. If file size matters, compress the data first.

How do I encode a file to Base64 in JavaScript?

Use the FileReader API: reader.readAsDataURL(file) gives a data URI with Base64 content after the comma. For just the Base64 string without the data: prefix, use FileReader.readAsArrayBuffer() then convert the array buffer to Base64 manually, or use a library like js-base64.

What is a Base64 data URI?

A data URI embeds file content directly in an HTML src or CSS url() attribute: data:image/png;base64,iVBOR.... The browser decodes and displays it without a separate HTTP request. Best used for small files (under 10 KB) — larger files increase HTML size and block rendering.

Privacy, accuracy, and trust

Privacy

All Base64 encoding and decoding runs entirely in your browser's JavaScript engine. Your input — including API keys, credentials, tokens, and file content — is never transmitted to any server.

Accuracy

Encoding and decoding are exact and reversible — decode(encode(x)) always returns x for valid input. The 33% size overhead is a mathematical property of the 6-bit-to-8-bit mapping, not a tool limitation.

Advertisement