Base64 Encoder / Decoder
Encode text or files to Base64, or decode Base64 strings instantly
The Complete Guide to Base64 Encoding
What Is Base64 Encoding?
Base64 is a binary-to-text encoding scheme that converts binary data into a string of ASCII characters. It works by taking every three bytes (24 bits) of binary data and splitting them into four groups of six bits each. Each six-bit group is then mapped to one of 64 printable ASCII characters (A-Z, a-z, 0-9, +, and /), with the equals sign (=) used for padding when the input length is not divisible by three. This encoding ensures that binary data can be safely transmitted over text-based protocols that may not handle raw binary data correctly.
The name "Base64" refers to the 64-character alphabet used in the encoding process. Base64 was originally designed for transferring binary content through email systems (MIME encoding) that only reliably handled 7-bit ASCII text. Today, Base64 is used extensively across web development, data storage, cryptographic operations, and countless other applications where binary data must be represented as text.
How Does Base64 Work?
The Base64 encoding process follows a straightforward algorithm. First, the input data is divided into chunks of three bytes (24 bits). These 24 bits are then split into four groups of six bits each. Each six-bit value (ranging from 0 to 63) is mapped to a corresponding character in the Base64 alphabet. If the input data length is not a multiple of three bytes, padding characters (=) are added to the output to ensure the encoded string length is always a multiple of four characters. One padding character indicates one missing byte, while two padding characters indicate two missing bytes.
This encoding process inherently increases the data size by approximately 33%, since every three bytes of input become four bytes of output. While this overhead might seem significant, it is a necessary trade-off for the ability to safely represent binary data as text. The decoding process reverses these steps exactly, mapping each Base64 character back to its six-bit value, combining groups of four characters into three bytes, and stripping any padding to recover the original binary data.
Common Use Cases for Base64
Base64 encoding is ubiquitous in modern web development. One of the most common use cases is embedding images directly into HTML or CSS using data URIs. Instead of referencing an external image file, you can embed the Base64-encoded image data directly in the source code (e.g., data:image/png;base64,iVBORw0K...). This eliminates an extra HTTP request but increases the document size, making it best suited for small icons, logos, or images under a few kilobytes.
API authentication frequently uses Base64, particularly in HTTP Basic Authentication where the username and password are combined with a colon separator and then Base64-encoded before being sent in the Authorization header. JSON Web Tokens (JWTs) use Base64URL encoding (a URL-safe variant) for their header and payload segments. Email attachments are transmitted as Base64-encoded MIME content, and many database systems use Base64 to store binary data in text columns. Developers also use Base64 when transferring binary data through JSON APIs, since JSON does not natively support binary values.
URL-Safe Base64 and Variants
Standard Base64 uses the characters + and / in its alphabet, which have special meanings in URLs and file systems. The URL-safe variant of Base64, often called Base64URL, replaces + with - (hyphen) and / with _ (underscore), and typically omits the padding = characters. This variant is specified in RFC 4648 and is used extensively in web technologies, most notably in JSON Web Tokens (JWTs), OAuth 2.0 PKCE challenges, and URL parameters where standard Base64 characters would need to be percent-encoded.
Our tool supports both standard and URL-safe Base64 with a simple toggle. When encoding, enabling URL-safe mode automatically converts the output to use the alternative character set. When decoding, enabling URL-safe mode converts the input back to standard Base64 before decoding. It is important to use the same variant for both encoding and decoding — attempting to decode URL-safe Base64 as standard Base64 (or vice versa) will typically result in errors or corrupted output.
Base64 Is Not Encryption
A critical misconception about Base64 is that it provides security or encryption. Base64 is an encoding scheme, not an encryption algorithm. It provides absolutely no confidentiality, integrity, or authentication. Anyone can decode a Base64 string instantly without any key or secret. Using Base64 to "hide" sensitive data like passwords, API keys, or personal information is equivalent to writing a secret message in plain sight — it might look obfuscated to a casual observer but offers zero protection against anyone who recognizes the format.
If you need to protect sensitive data, use proper encryption algorithms such as AES-256 for symmetric encryption or RSA / ECDSA for asymmetric encryption. Base64 is commonly used alongside encryption (for example, encrypting data first and then Base64-encoding the encrypted ciphertext for transmission), but the security comes entirely from the encryption, not from the Base64 encoding. Always use established cryptographic libraries and follow security best practices when handling sensitive information. Our Base64 tool processes all data entirely within your browser using client-side JavaScript, so your data never leaves your device and is never transmitted to any server.
Related Reading
Explore more resources on encoding, data security, and developer tools:
Latest from Our Blog
How to Encrypt Files and Folders on Any Operating System
Step-by-step guide to encrypting your files on Windows, macOS, and Linux to protect sensitive data from unauthorized access.
Your GDPR Privacy Rights: What You Need to Know
A clear explanation of your rights under GDPR including data access, deletion, portability, and how to exercise them.
Hardware Security Keys: The Strongest Form of Two-Factor Authentication
Learn how hardware security keys like YubiKey work and why they provide superior protection against phishing and account takeover.
Incident Response Planning: What to Do When You Get Hacked
A practical guide to responding to a security incident — from detecting the breach to recovering your accounts and preventing future attacks.
How to Share Passwords Securely Without Compromising Security
Learn safe methods for sharing passwords with family members, team members, and others without putting your accounts at risk.