Instantly encode text to Base64 or decode Base64 strings online. Free, browser-based, no data sent to servers. Supports UTF-8, Unicode, emojis, and special characters.
Base64 is a binary-to-text encoding scheme that converts binary data into a string of 64 printable ASCII characters - uppercase A–Z, lowercase a–z, digits 0–9, plus + and /. The encoding takes every 3 bytes of raw input and maps them to exactly 4 Base64 characters, using = padding when the input length is not a multiple of 3. The result is a text-safe representation that can travel through any system designed to handle plain text without corrupting binary payloads.
The name "Base64" comes directly from the mathematical base of the encoding: 64 possible values per character, compared to binary (base-2) or hexadecimal (base-16). Each Base64 character represents exactly 6 bits of data, so 4 characters = 24 bits = 3 bytes of original binary data. This predictable math is why Base64-encoded data is always roughly 33% larger than the original - a common trade-off developers accept for compatibility across text-only channels.
Originally specified in RFC 2045 as part of the MIME email standard, Base64 has since become a foundational building block of the web. You will encounter it in HTTP Basic Authentication headers (Authorization: Basic dXNlcjpwYXNz), JSON Web Token (JWT) payloads, data URIs for embedding images in HTML and CSS, API payloads, XML/JSON serialization of binary fields, and TLS certificate fingerprints. Understanding Base64 encode and decode is a core skill for any web developer or security engineer.
This free online Base64 tool processes everything entirely in your browser. Nothing is uploaded to any server - your data stays private on your device.
Use the Sample button to load an example in the selected mode. The resizable split view lets you adjust panel widths by dragging the divider. Use the fullscreen button to focus on the output. Your last-used input is automatically saved to browser storage for 30 days.
Hello, World!
SGVsbG8sIFdvcmxkIQ==
{"user":"alice","role":"admin"}eyJ1c2VyIjoiYWxpY2UiLCJyb2xlIjoiYWRtaW4ifQ==
SGVsbG8sIFdvcmxkIQ==
Hello, World!
dXNlcjpwYXNzd29yZA==
user:password
Base64 encoding is ubiquitous in modern software. Here are the most common scenarios where developers need a fast Base64 encoder online tool:
The HTTP Basic Auth scheme requires credentials in the format username:password, Base64-encoded and passed in the Authorization header. For example, user:pass encodes to dXNlcjpwYXNz. This is not encryption - it only enables safe transport over ASCII-only HTTP headers. Always use HTTPS alongside Basic Auth.
The header and payload sections of a JWT are Base64URL-encoded (a variant that uses - and _ instead of + and / for URL safety). Decoding a JWT header or payload manually is a frequent debugging task - you can use this tool to quickly inspect what claims a JWT carries without writing code.
Small icons and inline images can be embedded directly in HTML or CSS using data URIs: src="data:image/png;base64,iVBORw...". This eliminates an HTTP request for each image and is popular for inlining SVGs, favicons, and small background textures in frameworks and email templates.
Email servers were historically built to carry 7-bit ASCII text. MIME (Multipurpose Internet Mail Extensions) uses Base64 to encode attachments - PDFs, images, and any binary file - so they survive the text-only transport without corruption. RFC 2045 defined this standard, making Base64 a prerequisite for modern email infrastructure.
JSON does not natively support binary data. When APIs need to transmit images, audio, or binary files within JSON, Base64 encoding converts the binary to a string field. Base64-encoded file uploads are common in chat APIs, document generation services, and OCR or vision AI APIs that accept images as base64 strings.
PEM (Privacy Enhanced Mail) format - the standard for SSL/TLS certificates, SSH keys, and GPG keys - uses Base64 to encode the underlying DER binary data between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers. Inspecting or converting certificates frequently requires Base64 decode operations.
When loading scripts or stylesheets from a CDN, browsers verify resource integrity using hashes encoded as Base64 in the integrity attribute: integrity="sha256-abc123...". Generating or verifying SRI hashes requires Base64 encoding of the SHA-256 or SHA-384 digest.
Multi-line secrets (private keys, certificates, JSON credentials) are often Base64-encoded to store them as single-line environment variables in CI/CD pipelines, Kubernetes secrets, and Docker configs. Encode with this tool, store the value, and decode at runtime.
Base64 is NOT encryption. This is the single most important thing to understand about Base64. It is an encoding scheme, not a security mechanism. Anyone with a Base64 decoder (including this tool) can instantly read any Base64-encoded data. There is no key, no password, and no cryptographic protection involved.
Never store passwords, API keys, or sensitive personal data in Base64-encoded form and assume it is protected. Use proper encryption (AES-256-GCM) or hashing with salting (bcrypt, Argon2) for security-sensitive data.
Understanding the Base64 algorithm helps debug encoding errors and character set issues. Here is a step-by-step breakdown:
= characters are appended to make the encoded length a multiple of 4.Base64URL is a variant used in JWTs and URLs that replaces + with -, / with _, and omits = padding. This makes the output safe for URL query parameters and filenames without percent-encoding.
Character set matters: Always specify UTF-8 when encoding Unicode text. Encoding as a different character set (Latin-1, Windows-1252) will produce a different Base64 string and cause decoding errors if the receiver expects UTF-8. Our tool always uses UTF-8.
Use the following code snippets to perform Base64 encoding in popular programming languages:
// Encode
const encoded = btoa(unescape(encodeURIComponent("Hello 🌍")));
// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));import base64
# Encode
encoded = base64.b64encode("Hello".encode()).decode()
# Decode
decoded = base64.b64decode(encoded).decode()// Encode
const encoded = Buffer.from("Hello").toString("base64");
// Decode
const decoded = Buffer.from(encoded, "base64").toString("utf8");// Encode
$encoded = base64_encode("Hello World");
// Decode
$decoded = base64_decode($encoded);Base64 is used for encoding binary data (images, files, certificates) into ASCII text so it can be safely transmitted over text-based protocols like HTTP, SMTP (email), and JSON/XML APIs. Common use cases include embedding images in HTML/CSS as data URIs, encoding credentials in HTTP Basic Authentication headers, encoding JWT header and payload sections, transmitting binary files in REST API JSON bodies, and storing PEM-format cryptographic keys and certificates.
No. Base64 is encoding, not encryption. Any Base64-encoded string can be decoded by anyone instantly without a key or password. It provides zero confidentiality or security. For secure transmission of sensitive data, use TLS (HTTPS) for transport security, AES-256-GCM for symmetric encryption, and RSA or ECDSA for asymmetric encryption. Base64 is only for format compatibility, not security.
Base64 encodes 3 bytes at a time into 4 characters. When the input length is not divisible by 3, the encoder adds = padding to make the output a multiple of 4 characters. One = means the last group had 2 bytes; two == means the last group had 1 byte. If you see no padding, the input length was a multiple of 3.
Base64 increases data size by approximately 33% (4/3 ratio). For every 3 bytes of input, Base64 produces 4 characters. Additionally, line breaks in MIME-formatted Base64 (every 76 characters per RFC 2045) add a small overhead. This size increase is the trade-off for making binary data compatible with text-only channels.
Yes. Our tool correctly handles full UTF-8 encoding, including emojis (🚀, 🎉), accented characters (é, ü, ñ), CJK characters (中文, 日本語), Arabic, Hebrew, and all other Unicode text. The input is first UTF-8 encoded to bytes, and those bytes are then Base64-encoded. Make sure to specify UTF-8 on the decoding side as well.
Standard Base64 uses + and / as the 62nd and 63rd characters. These characters have special meaning in URLs (+ means space, / is a path separator). Base64URL replaces + with - and / with _, and omits the = padding. Base64URL is used in JWTs, URL parameters, and filenames. Our encoder outputs standard Base64; for Base64URL, replace the characters after encoding.
Yes. All encoding and decoding happens entirely in your browser using JavaScript's built-in btoa() and atob() functions combined with proper UTF-8 handling. No data is ever sent to any server. You can verify this by opening your browser's Developer Tools and checking the Network tab - you will see zero network requests while using the tool. This makes it safe for encoding credentials, API keys, and other sensitive strings.
To view a Base64-encoded image, paste the Base64 string (without the data:image/png;base64, prefix) into the Decode tab. The decoded output will be binary data. To render the image in a browser, prefix the full string with data:image/png;base64, (or the appropriate MIME type) and use it as an img src attribute or CSS background-image value.
The most common errors are: (1) Invalid characters - Base64 only allows A–Z, a–z, 0–9, +, /, and = padding. Spaces, line breaks, or other characters cause errors unless stripped first. (2) Wrong padding - the encoded string length must be a multiple of 4. (3) Wrong character set - decoding a Base64URL string with a standard decoder fails because of the - and _ characters. (4) Truncated input - partial Base64 strings cannot be decoded.
Discover more free developer tools that might interest you