Instant Base64 conversion — free, private, runs entirely in your browser
Many systems — email protocols, HTTP headers, JSON — were designed to carry only printable text. Raw binary data (images, files, executable code) contains bytes that these systems misinterpret as control characters, line breaks, or end-of-message signals. Base64 converts any binary data into a safe sequence of 64 printable ASCII characters.
Base64 groups input bytes into sets of 3 (24 bits), then splits each group into four 6-bit values. Each 6-bit value maps to one of 64 characters: A–Z (0–25), a–z (26–51), 0–9 (52–61), + (62), and / (63). If the input length is not divisible by 3, one or two = padding characters are appended.
Because 3 bytes become 4 characters, Base64 increases data size by exactly 33% (plus a small amount of padding). A 1 MB image becomes ~1.37 MB as Base64. This overhead is the tradeoff for binary-safe text transmission. For large files, prefer direct binary transfer over Base64 when possible.
Standard Base64 uses + and / which have special meaning in URLs and HTML. Base64URL replaces them with - and _, making the output safe for use in URLs without percent-encoding. JWT tokens always use Base64URL. This tool handles both variants automatically.
Base64 is an encoding scheme, not a security measure. Anyone can decode a Base64 string in seconds — it provides zero confidentiality. Developers sometimes confuse it with encryption because the output looks scrambled. If you need to protect sensitive data, use proper encryption: AES-256-GCM for symmetric encryption, or RSA/ECDSA for public-key cryptography.
Every modern browser has built-in Base64 support via atob() (decode) and btoa() (encode). These functions have been available since IE10 and are part of the Web API standard. This tool uses exactly these native functions — no libraries, no server, no dependencies.
Select the Decode tab (default). Paste any Base64 string — from an API response, JWT token, email header, or database field. The decoded text appears instantly as you type. The tool automatically handles both standard Base64 (+/) and Base64URL (-_) variants, with and without padding.
Switch to the Encode tab. Type or paste any text — including Unicode, emoji, or non-Latin characters. The tool uses encodeURIComponent + btoa to correctly handle UTF-8, so characters like ñ, ü, or 中文 encode without errors.
Switch to Encode mode, then drag any file onto the drop zone — images, PDFs, archives, any format. The tool reads the file as binary using the FileReader API and outputs the Base64 data URI. Use this to embed images directly in HTML (src="data:image/png;base64,...") or CSS backgrounds without a separate HTTP request.
JWT tokens consist of three Base64URL-encoded parts separated by dots. Decode the middle part (payload) to inspect claims like user ID, expiry, and roles — without needing a library or backend.
Encode small images to Base64 and embed them directly in HTML or CSS. Reduces HTTP requests for icons and small assets. Format: data:image/png;base64,...
The MIME email standard encodes all attachments as Base64 to survive transport through text-based mail servers. Decode a raw email's attachment block to inspect file contents or verify encoding.
REST APIs and SOAP services use Base64 to embed binary payloads (images, signatures, certificates) in JSON or XML fields. Decode to inspect the binary content or re-encode it in a different format.
The HTTP Basic Auth header encodes username:password as Base64. Decode the Authorization: Basic ... header to verify credentials during API debugging.
PEM-format certificates, private keys, and CSRs are Base64-encoded DER data wrapped in -----BEGIN...----- headers. Decode the body to inspect the raw certificate structure.
// Decode
atob('SGVsbG8gV29ybGQ=')
// → "Hello World"
// Encode
btoa('Hello World')
// → "SGVsbG8gV29ybGQ="
// UTF-8 encode (safe for non-ASCII)
btoa(unescape(encodeURIComponent('héllo')))
// Node.js
Buffer.from('Hello').toString('base64')
Buffer.from('SGVsbG8=', 'base64').toString()import base64
# Decode
base64.b64decode('SGVsbG8=').decode()
# → "Hello"
# Encode
base64.b64encode(b'Hello').decode()
# → "SGVsbG8="
# Base64URL (for JWT)
base64.urlsafe_b64decode(token + '==')
# CLI
echo 'Hello' | base64
echo 'SGVsbG8K' | base64 -d// Decode
base64_decode('SGVsbG8=');
// → "Hello"
// Encode
base64_encode('Hello');
// → "SGVsbG8="
// URL-safe variant
rtrim(strtr(
base64_encode($data),
'+/', '-_'
), '=');import "encoding/base64"
// Decode
decoded, _ := base64.StdEncoding
.DecodeString("SGVsbG8=")
// → []byte("Hello")
// Encode
encoded := base64.StdEncoding
.EncodeToString([]byte("Hello"))
// URL-safe (for JWT)
base64.URLEncoding.EncodeToString(data)
base64.RawURLEncoding.EncodeToString(data)# Encode
echo -n 'Hello' | base64
# → SGVsbG8=
# Decode
echo 'SGVsbG8=' | base64 -d
# → Hello
# Encode file
base64 image.png > image.b64
# macOS: base64 -D (uppercase)
echo 'SGVsbG8=' | base64 -Dimport java.util.Base64;
// Decode
byte[] decoded = Base64.getDecoder()
.decode("SGVsbG8=");
new String(decoded); // → "Hello"
// Encode
Base64.getEncoder()
.encodeToString("Hello".getBytes());
// URL-safe
Base64.getUrlEncoder()
.encodeToString(data);Base64 was created to solve a specific problem: many older communication protocols — email (SMTP), newsgroups (NNTP), and HTTP headers — were designed to handle only 7-bit ASCII text. Raw binary data contains bytes with values above 127 or control characters (like null bytes and line feeds) that these protocols misinterpret. Base64 maps every 3 bytes of input to 4 printable ASCII characters chosen from a set of 64 safe characters: A–Z, a–z, 0–9, + and /. This guarantees the output is always safe to transmit through any text-based system, at the cost of a 33% size increase.
It returns the plain-text string Hello. HTTPBin's /base64/<value> endpoint takes whatever Base64 string follows it in the URL and decodes it in the response body — both SGVsbG8 and the padded SGVsbG8= return the same result. It's a handy one-line check from a terminal (curl httpbin.org/base64/SGVsbG8=), but each call is a real network request to an external server.
Yes — paste SGVsbG8 or SGVsbG8= into the box above and switch to Decode mode; it becomes Hello instantly, entirely in your browser — no curl, no httpbin, no network round-trip, and no rate limits. The same works for any Base64 string, including longer JWT payloads or full API responses, not just short test values.
No — Base64 is encoding, not encryption, and it provides absolutely no security. Anyone can decode a Base64 string instantly using any decoder, including this tool. There is no key, no secret, and no algorithm involved beyond a simple character substitution table. Developers sometimes confuse the two because encoded data looks scrambled, but it is trivially reversible. For real data protection, use authenticated encryption: AES-256-GCM for symmetric encryption, bcrypt or Argon2 for password hashing, or TLS for data in transit.
Yes, completely. This tool uses the browser's built-in atob() and btoa() functions — all processing happens locally on your device. No data is transmitted to any server, no logs are created, and nothing is stored. You can verify this by opening the browser DevTools Network tab while using the tool: you will see zero outbound requests. This makes it safe to use even with sensitive strings like API keys, JWT tokens, or HTTP Basic Auth credentials.
Standard Base64 uses + and / as the 62nd and 63rd characters. These have special meaning in URLs (+ means space in form data, / is a path separator) and in HTML attributes, which causes problems when Base64 appears in a URL or query string. Base64URL solves this by replacing + with - and / with _, and often omitting the = padding. JWT tokens always use Base64URL. This decoder handles both variants automatically.
Base64 processes input 3 bytes at a time, converting each group into 4 characters. When the total input length is not divisible by 3, the final group is incomplete. One = is added if the last group had 2 bytes (only one padding character needed), or two == if the last group had only 1 byte. This padding ensures the string length is always a multiple of 4, which some decoders require. Many modern implementations (including Base64URL) omit padding entirely and still decode correctly.
A JWT has three parts separated by dots: header.payload.signature. Both the header and payload are Base64URL-encoded JSON. To inspect the claims, take the middle part (between the first and second dot), replace - with + and _ with /, then paste it into this decoder. Note: decoding the payload only shows the claims — it does NOT verify the signature. Never trust a JWT's claims without verifying the signature server-side.
Switch to Encode mode, then drag and drop your image file onto the drop zone. This tool encodes the binary file data and outputs the complete data URI. Use it directly in HTML as src="data:image/png;base64,iVBOR...", or in CSS as background: url('data:image/svg+xml;base64,...'). This technique eliminates a separate HTTP request for small images like icons and logos, improving page load performance.
Every major language has built-in Base64 support. JavaScript: atob(str) / btoa(str). Node.js: Buffer.from(str, 'base64').toString(). Python: base64.b64decode(s). PHP: base64_decode($s). Go: base64.StdEncoding.DecodeString(s). Java: Base64.getDecoder().decode(s). See the full code examples section above.
If the decoded output looks like random binary characters, the original data was not plain text — it was a binary file (image, PDF, audio, executable, archive). Base64 can encode any byte sequence, not just text. The decoder correctly decoded the data, but your browser displays binary bytes as garbled characters. If you encoded an image and want to verify it, use Encode mode, drop the file, and compare the output with the Base64 string you have. If you expected text but got garbage, the string may have been encoded multiple times — try decoding the result again.
Base64 increases size by exactly 4/3 — approximately 33.3% overhead. Every 3 input bytes become 4 output characters. With padding, the output length is always a multiple of 4. Examples: a 100 KB PNG image becomes ~133 KB as Base64; a 1 MB PDF becomes ~1.37 MB; a 10 MB video would become ~13.7 MB. HTTP gzip/brotli compression can reduce Base64 data significantly (Base64 is highly compressible due to its limited character set), but it is still larger than the original binary. For large files, prefer multipart form uploads over Base64 encoding.
Standard Base64 uses exactly 65 characters: A–Z (26), a–z (26), 0–9 (10), + (1), / (1) = 64 characters, plus = for padding. Each character represents one of 64 possible 6-bit values (2⁶ = 64). If your Base64 string contains any character outside this set — such as spaces, newlines, or special characters — it is either invalid or it uses a variant encoding. Base64URL uses - and _ instead of + and /.
Yes. Base64 operates on raw bytes, completely agnostic to file format. You can encode images (PNG, JPEG, WebP, GIF, SVG), documents (PDF, Word, Excel), audio (MP3, WAV), video, archives (ZIP, TAR, GZIP), executables, certificates, and any other binary file. Use the drag-and-drop zone in Encode mode to encode any file directly in the browser. The only practical limit is browser memory — very large files (over a few hundred MB) may cause the browser tab to slow down or crash.
Paste the Base64 string into Decode64’s decoder and it converts `SGVsbG8gV29ybGQ=` to `Hello World`; standard Base64 uses a 64-character alphabet plus `=` padding.