Base64 Encoder / Decoder

The Base64 Encoder/Decoder tool converts binary data into a Base64 string, or vice versa. Software developers, data scientists, and system administrators use it to transmit data without corruption, especially when dealing with systems that only support ASCII characters.

S. Siddiqui

Edited by

S. Siddiqui, Founder & Editor-in-Chief
Sources: Wikipedia, Wolfram Alpha
Updated May 2026

What Is the Base64 Encoder / Decoder?

Base64 is a binary-to-text encoding scheme that takes raw binary data and converts it into a string of printable ASCII characters. The name comes from the fact that it uses a 64-character alphabet, made up of uppercase letters, lowercase letters, digits, and the two symbols + and /. The full specification is set out in RFC 4648, which also covers URL-safe variants that swap out + and / for - and _. In practice, you come across Base64 constantly in web development, whether that is data URIs for images, JWT tokens, or MIME email attachments.

The encoder on this page works entirely in your browser. No data is sent to a server, which matters when you are dealing with credentials, private keys, or any other sensitive payload that you need to encode quickly without passing it through an external service.

How to Use the Base64 Encoder / Decoder

  1. Paste your text or binary string into the input area on the left.
  2. Choose whether you want to encode (plain text to Base64) or decode (Base64 back to plain text) using the toggle above the field.
  3. The output appears instantly in the right panel. Click the copy button to pull it into your clipboard.
  4. If you need a URL-safe variant, tick the URL-safe option. This swaps + for - and / for _, and strips trailing padding characters as required by many JWT libraries.
  5. For binary files, use the file upload option to drop the file in and get the encoded string without having to run a command-line tool.

Technical Background

Base64 works by breaking input bytes into groups of three. Each group of 24 bits is then split into four 6-bit chunks, and each chunk is mapped to one of the 64 characters in the alphabet. Because you are packing three bytes into four characters, every Base64-encoded string is roughly one-third larger than the original. That overhead is the trade-off you make for being able to pass arbitrary binary data through text-based protocols like HTTP headers or JSON payloads.

When the input length is not divisible by three, padding characters (=) are added to fill out the final group. MDN's Base64 reference is a solid place to look through the mechanics if you want to understand how padding works in detail or how the URL-safe alphabet differs from the standard one.
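
The three-byte grouping and padding rules described above, written out by hand as an added example (not this tool's own code). The function and option names are illustrative, and the sample inputs are constructed.

```javascript
// Added example: RFC 4648 Base64 encoding written out step by step.
const STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
const URL_SAFE = STD.slice(0, 62) + "-_";

// bytes: Uint8Array; urlSafe: use the - and _ alphabet; pad: emit trailing '='.
function base64Encode(bytes, { urlSafe = false, pad = !urlSafe } = {}) {
  const alphabet = urlSafe ? URL_SAFE : STD;
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const remaining = Math.min(3, bytes.length - i);
    // Pack up to three bytes into one 24-bit group (missing bytes count as zero).
    const group = (bytes[i] << 16) |
                  ((remaining > 1 ? bytes[i + 1] : 0) << 8) |
                  (remaining > 2 ? bytes[i + 2] : 0);
    // Split into four 6-bit indexes; only remaining + 1 of them carry data.
    for (let j = 0; j < 4; j++) {
      if (j <= remaining) {
        out += alphabet[(group >> (18 - 6 * j)) & 0x3f];
      } else if (pad) {
        out += "=";
      }
    }
  }
  return out;
}

// Encoded length with padding: four characters per three-byte group, rounded up.
function paddedLength(byteCount) {
  return 4 * Math.ceil(byteCount / 3);
}

// Constructed sample inputs.
const utf8 = (s) => new TextEncoder().encode(s);
console.log(base64Encode(utf8("Man")));  // 3 bytes: no padding
console.log(base64Encode(utf8("Ma")));   // 2 bytes: one '='
console.log(base64Encode(utf8("M")));    // 1 byte: two '='
console.log(base64Encode(new Uint8Array([0xfb, 0xff])));
console.log(base64Encode(new Uint8Array([0xfb, 0xff]), { urlSafe: true }));
```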

On top of that, it is worth knowing that Base64 is an encoding scheme, not encryption. Anyone who comes across a Base64 string can decode it instantly. If you need to protect the underlying data, you have to encrypt it first and then encode it, not the other way around.

Common Use Cases

  • Data URIs: Embedding small images directly into CSS or HTML without a separate HTTP request. You encode the image bytes, prefix the string with the appropriate MIME type, and plug it into a src or background-image value.
  • JWT tokens: The header and payload sections of a JSON Web Token are Base64url-encoded. If you come across a JWT and want to look through its claims without setting up a dedicated tool, paste the middle section here and decode it.
  • API authentication: HTTP Basic Auth encodes username:password as Base64 and passes it in an Authorization header. This encoder lets you build or check those strings quickly.
  • Email attachments: MIME attachments in email are Base64-encoded so that binary files can pass through text-based mail servers. If you ever need to decode an attachment that has come through raw, this tool handles it.
  • Environment variables: Teams sometimes encode multiline config values or private keys in Base64 before storing them in environment variables to avoid newline issues.

For related encoding tasks, you might also want to look at the URL Encoder / Decoder for percent-encoding, or the MD5 Hash Generator if you need a one-way fingerprint rather than a reversible encoding.

Limitations to Know

Given that Base64 increases output size by about 33 percent, it is not a good fit for large binary files where bandwidth or storage matters. In practice, most teams use it for small payloads like tokens, credentials, and small images, and pass larger files as raw binary instead.

That said, this tool operates on text in the browser's memory. Very large inputs, say files over a few megabytes, may cause the interface to slow down. For those cases, a command-line utility like base64 on Linux/macOS or the equivalent PowerShell cmdlet on Windows will handle the job more efficiently.

What is more, if you are working with binary files that contain non-UTF-8 bytes, you should use the file upload path rather than pasting raw bytes as text. Pasting binary data as text can introduce encoding errors that corrupt the output.

Conclusion

The Base64 Encoder / Decoder is one of those tools you reach for regularly once you start working with APIs, tokens, and binary data in web development. It converts binary data into portable text and back again, with support for both the standard and URL-safe alphabets. Because everything runs in the browser, sensitive payloads stay on your machine. For a deeper look at the standard, the authoritative reference is RFC 4648.

Last reviewed: May 31, 2026
Founder's Real-World Experience
S. Siddiqui

Founder & Editor-in-Chief, YourToolsBase

How encoding a single string saved me an afternoon of OAuth debugging

When I was wiring up an OAuth 2.0 client credentials flow for a third-party analytics API, the authentication kept failing with a 401 even though I was certain the credentials were correct. The API docs said to send the client_id and client_secret as a Base64-encoded Authorization header in the format client_id:client_secret. I had encoded the string myself in a quick script, but something was off. I pasted both the raw string and the encoded output into this tool and immediately saw the problem: my script had produced URL-safe Base64 with hyphens and underscores, while the header required standard Base64 with plus signs and forward slashes, as defined in RFC 4648 Section 4.

On top of that, the padding was being stripped. The tool showed me the correct padded output with the trailing equals signs intact, and it also showed me that my raw string had a trailing space I had not noticed, which was being encoded into the payload and breaking the match on the server side. I stripped out the space, switched to standard Base64, and the 401 resolved straight away.

In practice, the difference between URL-safe and standard Base64 only surfaces when you are passing encoded data inside HTTP headers or query strings, which is exactly where most OAuth flows live. Having a tool that lets you toggle between the two variants and inspect the raw output is far quicker than reading spec documents when you are already 40 minutes into a debugging session.

  • 401 resolved in under 5 minutes
  • Trailing-space encoding bug caught
  • Correct RFC 4648 standard Base64 output
Also used alongside: URL Encoder
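
The three faults described in this account (URL-safe alphabet, stripped padding, trailing space) can be checked mechanically. The Node.js sketch below is an added example, not code from this tool or from the API in question; the function names and the credentials are constructed for illustration.

```javascript
// Added example (Node.js): build and lint an HTTP Basic Authorization value.
function buildBasicAuth(clientId, clientSecret) {
  // Buffer's "base64" output is the standard alphabet (+ and /) with '=' padding.
  return "Basic " + Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64");
}

// Returns the problems found in a header value; an empty array means none.
function lintBasicAuth(headerValue) {
  const match = /^Basic ([A-Za-z0-9+\/_=-]+)$/.exec(headerValue);
  if (!match) return ["not of the form 'Basic <base64>'"];
  const token = match[1];
  const issues = [];
  if (/[-_]/.test(token)) issues.push("URL-safe alphabet used");
  if (token.length % 4 !== 0) issues.push("padding stripped");
  // Normalise to the standard alphabet so the credentials can be inspected.
  const std = token.replace(/-/g, "+").replace(/_/g, "/");
  const creds = Buffer.from(std, "base64").toString("utf8");
  if (!creds.includes(":")) issues.push("no ':' separator");
  if (creds !== creds.trim()) issues.push("leading or trailing whitespace");
  return issues;
}

// Reproduces the faulty script from the account above: trailing space,
// URL-safe alphabet, padding removed.
function buggyBasicAuth(clientId, clientSecret) {
  const b64 = Buffer.from(`${clientId}:${clientSecret} `, "utf8").toString("base64");
  return "Basic " + b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed credentials, chosen so the encoding contains both '+' and '/'.
const good = buildBasicAuth("svc", "p?ss>w");
const bad = buggyBasicAuth("svc", "p?ss>w");
console.log(lintBasicAuth(good));
console.log(lintBasicAuth(bad));
```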

Frequently Asked Questions

What is Base64 encoding used for?
Base64 is used to convert binary data into a text-safe format so it can pass through systems that only handle ASCII text. Common uses include data URIs for inline images, JWT token encoding, HTTP Basic Auth headers, and MIME email attachments. It is also used to encode binary configuration values like private keys before storing them in environment variables.

Is Base64 the same as encryption?
No. Base64 is an encoding scheme, not encryption. Anyone who comes across a Base64 string can decode it instantly with any Base64 tool. If you need to protect the underlying data, you must encrypt it before encoding. Think of Base64 as a way to change the format of data, not to hide it.

What is the difference between standard Base64 and URL-safe Base64?
Standard Base64 uses + and / as two of its 64 characters, which are reserved characters in URLs and can cause problems in query strings. URL-safe Base64 (defined in RFC 4648 Section 5) replaces + with - and / with _, making the output safe to include in URLs and filenames. JWT libraries typically use the URL-safe variant, often without the trailing = padding characters.

Why does Base64 output look longer than the input?
Base64 encodes every 3 bytes of input as 4 characters of output, which means the encoded result is always about 33 percent larger than the original. This size overhead is the trade-off for converting arbitrary binary data into a portable text format.

Can I use this tool for binary files?
Yes. Use the file upload option rather than pasting binary content as text. Pasting binary bytes into a text field can corrupt the data because browsers interpret the bytes as UTF-8 text. Uploading the file directly lets the tool read the raw bytes and produce an accurate Base64 string.

How do I decode a JWT token?
A JWT has three parts separated by dots. The first two parts (header and payload) are Base64url-encoded. Copy just the middle section (the payload), paste it into the decoder, and select URL-safe mode if your tool does not detect it automatically. The decoded result is a JSON object containing the claims. Note that decoding does not verify the signature, so treat decoded JWT claims as unverified until properly validated on a server.
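
The JWT decoding steps above as an added Node.js example (not this tool's own code). The function names and the sample token are constructed, and the signature segment is a placeholder that is never checked, which is why the result is marked unverified.

```javascript
// Added example (Node.js): read JWT claims without trusting them.
function base64UrlDecode(segment) {
  // Base64url allows A-Z a-z 0-9 - _ only; JWT segments omit '=' padding.
  if (!/^[A-Za-z0-9_-]+$/.test(segment) || segment.length % 4 === 1) {
    throw new Error("not a valid unpadded Base64url segment");
  }
  const std = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = std + "=".repeat((4 - (std.length % 4)) % 4);
  return Buffer.from(padded, "base64");
}

function base64UrlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decodes header and payload only. The signature is NOT checked, so the
// result is labelled unverified and must not drive authorization decisions.
function decodeJwtUnverified(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [header, payload] = parts.slice(0, 2)
    .map((p) => JSON.parse(base64UrlDecode(p).toString("utf8")));
  return { header, payload, verified: false };
}

// Constructed sample token; the third segment is a placeholder, not a real signature.
const sampleToken = [
  base64UrlEncode(JSON.stringify({ alg: "HS256", typ: "JWT" })),
  base64UrlEncode(JSON.stringify({ sub: "user-123", role: "admin" })),
  "placeholder-signature",
].join(".");

const decoded = decodeJwtUnverified(sampleToken);
console.log(decoded.payload, "verified:", decoded.verified);
```

Anyone can construct a token whose payload decodes to `role: "admin"`, as this sample does; only signature validation on the server distinguishes it from a genuine one.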

💡 Pro Tip

Never store passwords in Base64 — it's encoding, not encryption. Anyone can decode it instantly. Use bcrypt or Argon2 for password storage.

About the Author

S. Siddiqui

Founder & Editor-in-Chief

S. Siddiqui is the founder and editor-in-chief of YourToolsBase, overseeing all content, tool accuracy, and editorial standards.

Authoritative Sources

Formulas and data in this tool are based on guidelines from the above sources.