Dev Tools Encode Base64 Encoder/Decoder
100% client-side · No signup · Free forever

Base64 Encoder & Decoder

Encode text to Base64 or decode Base64 back to plain text. UTF-8 safe, client-side.

1
Encode tool
Base64 Encoder/Decoder
Live
Text / Base64
Output

Base64 is the most widely-deployed binary-to-text encoding on the internet. It powers email attachments (MIME), inline images in HTML (data: URIs), JWT tokens, Basic Auth headers, public-key cryptography (PEM format), and countless API payloads that need to ship binary data through text-only channels. This Base64 encoder/decoder runs entirely in your browser using the native btoa() and atob() functions, with proper UTF-8 handling so non-ASCII text (emoji, CJK, accented characters) round-trips perfectly.

How Base64 Encoding Works

Base64 takes 3 bytes of binary data (24 bits) and represents them as 4 ASCII characters (6 bits each), using an alphabet of A-Z a-z 0-9 + /. If the input length isn't a multiple of 3, the output is padded with = characters. The size overhead is exactly 4/3 (about 33% larger than the binary source), which is the cost of being safe to embed in JSON, URL paths, HTTP headers, and email bodies. Decoding reverses the process. For UTF-8 strings, this tool encodes the bytes of the UTF-8 representation (not the JavaScript UTF-16 code units), so multi-byte characters survive the round trip.

When to Use Base64

  • Inline imagesdata:image/png;base64,... URIs for small icons, avatars, or email signatures.
  • Basic HTTP AuthAuthorization: Basic <base64-of-user:pass>.
  • JWT tokens — the header and payload are base64url-encoded JSON; use our JWT decoder for that.
  • Public keys — PEM-encoded RSA/ECDSA keys are base64-encoded DER between -----BEGIN/-----END markers.
  • API payloads — webhook signatures, file uploads embedded in JSON, binary blobs in MongoDB.
  • Email attachments — MIME-encoded email bodies use Base64 for any non-text attachment.

Base64 in Code

// Browser
const encoded = btoa(unescape(encodeURIComponent(text))); // UTF-8 safe
const decoded = decodeURIComponent(escape(atob(encoded)));

// Node.js
const encoded = Buffer.from(text, 'utf-8').toString('base64');
const decoded = Buffer.from(encoded, 'base64').toString('utf-8');

// CLI
echo -n 'hello' | base64       # => aGVsbG8=
echo 'aGVsbG8=' | base64 -d    # => hello

Base64 vs. Base64URL

Standard Base64 uses + and / in its alphabet, which break when embedded in URLs (where + means space and / is the path separator). Base64URL (RFC 4648 §5) replaces those with - and _, and often omits the = padding. JWTs, OAuth2 PKCE, and most modern web protocols use Base64URL. This tool emits standard Base64 by default; for Base64URL output, replace +-, /_, and strip trailing =. To decode a JWT, use our dedicated JWT decoder.

Common Base64 Errors & How to Fix Them

The most frequent failure when decoding is an “invalid character” error, which almost always means one of three things: the string is actually Base64URL (contains - or _) and needs those characters swapped back to + and / before decoding; the input has stray whitespace or newlines (common when copying a PEM key or a multi-line MIME body — strip them first); or the padding is wrong, because a valid Base64 string’s length must be a multiple of 4, achieved by appending one or two = characters. Another classic bug is mojibake — garbled accented characters or emoji after a round trip — which happens when a tool encodes UTF-16 code units instead of UTF-8 bytes; this tool avoids that by always converting to UTF-8 first, so “café”, “世界”, and emoji all survive intact. Remember that Base64 is an encoding, not encryption — it provides zero confidentiality, since anyone can trivially decode it. Never use it to “hide” passwords or secrets; for that you need real cryptography. Base64 also inflates size by roughly 33%, so for large binary payloads consider whether you actually need text-safety or whether a raw binary transfer would be cheaper.

Frequently Asked Questions

Everything you need to know about the Base64 Encoder/Decoder.

What is Base64?

Base64 is a binary-to-text encoding scheme that represents binary or text data as an ASCII string using a 64-character alphabet (A-Z, a-z, 0-9, + and /). It is widely used in data URIs, email (MIME) attachments, Basic Auth headers, PEM-encoded keys, and JWT tokens.

Is it safe to paste sensitive data here?

Yes. All encoding and decoding happens entirely in your browser using the native btoa and atob functions. No data is sent to any server, logged, or stored.

How do I decode a Base64 string?

Paste the Base64 string into the input box and click Decode. The tool converts it back to the original UTF-8 text. If you get an error, the string may be Base64URL (replace - with + and _ with /) or contain stray whitespace that should be removed.

Is Base64 a form of encryption?

No. Base64 provides no security at all — anyone can decode it instantly. It only makes binary data safe to transmit through text-only channels. Never use Base64 to protect passwords or secrets.

Why is my Base64 output about a third larger than the input?

Base64 represents every 3 bytes of input as 4 ASCII characters, so the encoded output is roughly 33% larger than the source. This size overhead is the cost of being safe to embed in JSON, URLs, headers, and email.