Base64 Encoder / Decoder

Base64 is a binary-to-text encoding scheme that represents binary data using a set of 64 printable ASCII characters. It is widely used in email, HTTP basic authentication, data URIs, and API payloads. Use this free tool to encode any text string to Base64 or decode a Base64-encoded string back to its original form — all processing happens locally in your browser with no data sent to any server.

Tip: Press Ctrl+Enter to run

Output
Result will appear here…

What this tool does

Base64 is an encoding scheme — not encryption — that converts any text into a set of safe printable ASCII characters. It's how HTTP Basic Auth credentials are formatted, how JWT tokens carry their header and payload, and how email attachments survive transit through text-only mail servers. This tool encodes or decodes Base64 strings entirely in your browser. Nothing is transmitted.

How to use it

  • Select Encode or Decode mode with the toggle at the top.
  • Paste your text and click Encode (or press Ctrl+Enter).
  • Click Swap to move the output back into the input — useful when decoding in multiple steps.
  • The input/output size is shown below the output so you can see the ~33% size overhead that Base64 adds.

Where you'll encounter Base64

  • HTTP Basic Auth: Credentials are formatted as username:password, Base64-encoded, then sent as Authorization: Basic dXNlcjpwYXNz. Not encrypted — always use over HTTPS.
  • JWT tokens: The header and payload of a JWT are Base64url-encoded. Anyone with the token can decode them. The signature provides integrity, not confidentiality.
  • Data URIs: data:image/png;base64,iVBORw0KGgo... — a Base64-encoded image embedded directly in HTML or CSS.
  • MIME email attachments: Binary attachments are Base64-encoded in the message body to survive text-only SMTP transit.

Frequently Asked Questions

Is Base64 encoding the same as encryption?

No. Base64 is a reversible encoding with no key or secret. Anyone can decode it instantly. If you're trying to protect sensitive data, you need actual encryption (TLS, AES). Base64 just converts binary data into safe printable characters for transport purposes.

What is URL-safe Base64 and when do I need it?

Standard Base64 uses + and /, which have special meaning in URLs. URL-safe Base64 (Base64url) replaces them with - and _. JWTs use Base64url. If you're decoding a JWT manually, swap - back to + and _ back to / before passing it to a standard decoder.

Why does Base64 output end with = or ==?

Base64 encodes 3 bytes into 4 characters. When the input length isn't a multiple of 3, one or two = padding characters are appended to bring the output to a multiple of 4. Some implementations strip padding — the string is still valid Base64 without it, though some strict decoders require it.

Want the full explanation? Read the guide: Base64 Is Not Encryption — Here's What It Actually Is →