Base64 Encoder/Decoder

Our Base64 encoder decoder converts text to Base64 encoding and back in real-time. Paste any text and get the Base64-encoded version, or paste Base64 to decode it back to readable text. Supports standard Base64 (RFC 4648) and URL-safe Base64. Handles UTF-8 characters, JSON strings, and large text. All processing is client-side — your data never leaves your browser.

star 4.9
auto_awesome AI
New

Base64 Encoder calculator

0 characters
0 characters

lightbulb Tips

  • Base64 output is always ~33% larger than input
  • URL-safe Base64 uses - and _ instead of + and /
  • Base64 is encoding, NOT encryption
  • 3 input bytes = 4 Base64 characters

How to Use the Base64 Encoder

swap_horiz

Choose Mode

Select Encode to convert text to Base64, or Decode to convert Base64 back to text.

text_fields

Enter Input

Type or paste your text (for encoding) or Base64 string (for decoding).

content_copy

Get Result

The result appears instantly. Click Copy to copy to clipboard.

link

URL-Safe Option

Toggle URL-safe mode to use - and _ instead of + and / for URL-compatible output.

The Formula

Base64 encoding converts binary data to printable ASCII text by splitting input bytes into 6-bit groups and mapping each group to one of 64 characters (A-Z, a-z, 0-9, +, /). Since 3 bytes (24 bits) map to 4 Base64 characters, the output is ~33% larger than the input. Padding (=) is added if the input length isn't a multiple of 3.

Base64 = encode(input bytes) → 6-bit groups → A-Za-z0-9+/ alphabet

lightbulb Variables Explained

  • input bytes UTF-8 encoded bytes of the input text
  • 6-bit groups Input split into 6-bit chunks (vs 8-bit bytes)
  • A-Za-z0-9+/ 64 printable ASCII characters used in the encoding alphabet
  • = (padding) Padding character added to make output length a multiple of 4

tips_and_updates Pro Tips

1

Base64 output is always ~33% larger than the input

2

URL-safe Base64 replaces + with - and / with _ (useful for URLs and filenames)

3

Base64 is encoding, NOT encryption — anyone can decode it, so never use it for security

4

Use Base64 to embed small images in HTML/CSS via data URIs

5

JSON Web Tokens (JWT) use URL-safe Base64 encoding for header and payload

6

The = padding at the end can be safely removed for URL-safe Base64

7

Base64 handles binary data — it's how email attachments are transmitted

Our free Base64 encoder decoder converts text to Base64 and back instantly. Supports standard and URL-safe Base64, UTF-8 characters, and large text. All processing happens in your browser — your data stays private.

Base64 Encoder - Text to Base64

Convert any text to Base64 encoding instantly. Our encoder handles UTF-8 characters, JSON strings, HTML, and any text input.

Copy the Base64 output for use in:

  • APIs
  • data URIs
  • email encoding
  • configuration files

Base64 Decoder - Base64 to Text

Decode any Base64 string back to readable text. Paste Base64-encoded content and see the original text instantly.

Handles:

  • standard Base64
  • URL-safe Base64
  • Base64 with or without padding characters

How Does Base64 Encoding Work?

Base64 encoding works by converting binary data into a set of 64 printable ASCII characters, as defined in RFC 4648 from the IETF.

The algorithm takes the input bytes and regroups them from 8-bit bytes into 6-bit chunks, since 2 to the power of 6 equals exactly 64 possible values. Each 6-bit group maps to one character in the alphabet A-Z, a-z, 0-9, plus, and slash.

Because every 3 input bytes (24 bits) become 4 output characters, the encoded text is roughly 33 percent larger than the original. When the input length is not a multiple of 3, one or two equals signs are appended as padding, per the RFC 4648 specification.

Is Base64 Encryption or Encoding?

Base64 is encoding, not encryption, and it provides zero security or confidentiality. Anyone can decode a Base64 string instantly because no secret key is involved, and the reversible mapping is publicly documented in RFC 4648.

OWASP explicitly warns that Base64 is not a substitute for cryptography and should never be used to protect passwords, tokens, or personal data. Its only purpose is safe transport of binary data through text-only channels such as email, URLs, and JSON.

For genuine confidentiality, use standardized encryption like AES-256 as recommended by NIST, and for integrity use hashing such as SHA-256. Treat any Base64 string in your logs as fully readable plaintext.

What Is URL-Safe Base64 Encoding?

URL-safe Base64 is a variant defined in Section 5 of RFC 4648 that replaces the plus character with a hyphen and the slash character with an underscore.

This substitution matters because plus and slash have reserved meanings in URLs and file paths, where they can be misinterpreted or require percent-encoding. The URL-safe alphabet lets encoded values travel inside query strings, path segments, and filenames without corruption.

Padding equals signs are often omitted in this context, since a decoder can infer the original length. JSON Web Tokens, described in RFC 7519, rely on this base64url encoding for their header and payload segments, which is why JWT strings never contain plus or slash characters.

Why Does Base64 Increase File Size by 33 Percent?

Base64 increases data size by about 33 percent because it represents every 3 bytes of input using 4 output characters.

Three bytes contain 24 bits, and Base64 splits those 24 bits into four 6-bit groups, so the 4-to-3 character ratio adds one-third to the length, as specified in RFC 4648. Padding adds up to two more characters on the final block.

This overhead is the deliberate tradeoff for ASCII compatibility: binary data that would break email or JSON becomes fully text-safe. According to MDN Web Docs, this is why embedding images as Base64 data URIs makes HTML and CSS files noticeably larger than linking the original binary file directly.

How to Encode Files and Images to Base64

To encode a file or image to Base64, the raw bytes are read and passed through the standard RFC 4648 algorithm, producing a text string you can embed directly in code.

A common use is the data URI scheme documented by MDN Web Docs, where an image becomes a self-contained src value such as data:image/png;base64 followed by the encoded bytes. This eliminates a separate HTTP request, which can speed up loading of tiny icons.

However, because Base64 adds 33 percent size and cannot be cached separately, it is best reserved for very small assets. Larger images, fonts, and PDFs are usually served as regular binary files rather than inlined Base64.

How Does Base64 Handle UTF-8 and Unicode Characters?

Base64 handles Unicode by first converting text into UTF-8 bytes, then encoding those bytes with the standard Base64 alphabet. Base64 itself only operates on raw bytes, so the character encoding step happens before encoding and after decoding.

UTF-8, defined in RFC 3629 and maintained alongside the Unicode Standard from the Unicode Consortium, represents emojis, CJK ideographs, and accented letters as multi-byte sequences that Base64 then preserves exactly. This two-step process is why our tool correctly round-trips characters like the euro sign or an emoji.

In JavaScript, MDN Web Docs notes that the legacy btoa function only accepts Latin-1, so modern code encodes to UTF-8 bytes with TextEncoder before calling btoa.

What Is Base64 Used For in Real Applications?

Base64 is used wherever binary data must travel through systems that only handle text.

  • Email attachments are Base64-encoded under the MIME standard defined in RFC 2045, which is how images and documents survive plain-text mail transport.
  • Web pages embed small images and fonts as Base64 data URIs, as documented by MDN Web Docs.
  • JSON Web Tokens per RFC 7519 encode their claims as base64url strings, and HTTP Basic Authentication, described in RFC 7617, Base64-encodes the username and colon password pair.
  • Base64 also appears in API payloads, TLS certificates in PEM format, and configuration files.

In every case, the goal is safe, lossless transport rather than compression or security.

Common Base64 Encoding and Decoding Mistakes

The most common Base64 mistake is treating it as a security measure, when RFC 4648 defines a fully reversible, unkeyed transformation that anyone can decode.

  • Another frequent error is mixing standard and URL-safe alphabets, causing decode failures when plus or slash characters are swapped with hyphen and underscore.
  • Missing or incorrect equals-sign padding also breaks strict decoders, though many, including MDN Web Docs implementations, tolerate absent padding.
  • Developers often forget the UTF-8 step and get garbled text for non-ASCII input.
  • Finally, encoding already-Base64 data by accident doubles the overhead.

Verifying the exact variant, padding rules, and character set against the RFC 4648 specification prevents nearly all of these decoding failures.

Base64 vs Base32 vs Hexadecimal Encoding

Base64, Base32, and hexadecimal are all binary-to-text encodings defined together in RFC 4648, but they trade density for readability differently.

  • Hexadecimal uses 16 characters and doubles the data size, making it the most human-readable and common in hashes and color codes.
  • Base32 uses 32 case-insensitive characters, grows data by about 60 percent, and avoids ambiguous symbols, which suits case-insensitive systems and TOTP secrets.
  • Base64 is the most compact of the three at roughly 33 percent overhead, using 64 characters.

Choose hexadecimal for debugging and short identifiers, Base32 when case sensitivity is a problem, and Base64 when compactness matters most, as the IETF guidance in RFC 4648 makes clear.

Frequently Asked Questions

sell

Tags