Base64 Encode / Decode

Encode text to Base64 or decode Base64 back to text, entirely in your browser. Handles full UTF-8 (emoji, accents, non-Latin scripts included), offers a URL-safe variant, and flags invalid input with a clear error instead of garbled output.

How Base64 works

Computers store data as 8-bit bytes, but Base64 re-slices that same data into 6-bit chunks and maps each chunk to one of 64 printable characters (A–Z, a–z, 0–9, +, /). Because a byte count does not always split evenly into 6-bit chunks, the input is grouped into 3-byte (24-bit) blocks — exactly divisible into four 6-bit characters — with padding characters (=) added when the last block is short. The output is always about 4/3 the size of the input (roughly 33% larger).

How it’s calculated

Encoding: text is first converted to UTF-8 bytes with TextEncoder, then grouped into 3-byte blocks and mapped through the standard Base64 alphabet (RFC 4648), with = padding on a short final block. Decoding reverses this and converts the resulting bytes back to text with TextDecoder. The URL-safe toggle swaps + for - and / for _ per RFC 4648 §5, and omits the = padding.

Base64 is an encoding, not encryption or compression — it does not hide or shrink data, and anyone can decode it instantly.

Worked example

Encoding “Dog” (3 bytes: D=68, o=111, g=103) gives RG9n with no padding, since 3 bytes divide evenly into four 6-bit characters. Encoding “Do” (2 bytes) gives RG8= — one padding character, because the final block is one byte short. Encoding “Dogs” (4 bytes) gives RG9ncw== — two padding characters, because the final block holds only one byte. A Unicode string like “café ☕ 日本語” encodes to Y2Fmw6kg4piVIOaXpeacrOiqng== and decodes back to the exact original text, confirming the UTF-8 handling round-trips correctly.
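The encoding steps above, written out by hand as an added example (this is not the tool's own code; the names base64Encode, STD and URL_SAFE are illustrative). It packs each 3-byte block into 24 bits, slices it into 6-bit indices, and applies the padding and URL-safe rules described on this page.

```javascript
// Added example, not the tool's source. Names are illustrative.
const STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
const URL_SAFE = STD.slice(0, 62) + "-_"; // RFC 4648 §5 alphabet

function base64Encode(text, urlSafe = false) {
  const bytes = new TextEncoder().encode(text); // text -> UTF-8 bytes
  const alphabet = urlSafe ? URL_SAFE : STD;
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const remaining = Math.min(3, bytes.length - i);
    // Pack up to 3 bytes into one 24-bit block; missing bytes count as zero.
    const block =
      (bytes[i] << 16) | ((bytes[i + 1] ?? 0) << 8) | (bytes[i + 2] ?? 0);
    // 1 byte -> 2 characters, 2 bytes -> 3 characters, 3 bytes -> 4 characters.
    for (let c = 0; c <= remaining; c++) {
      out += alphabet[(block >> (18 - 6 * c)) & 0x3f];
    }
    // Standard form fills the 4-character group with "="; URL-safe omits it.
    if (!urlSafe) out += "=".repeat(3 - remaining);
  }
  return out;
}

// The worked-example strings from this page.
for (const sample of ["Dog", "Do", "Dogs", "café ☕ 日本語"]) {
  console.log(JSON.stringify(sample), "->", base64Encode(sample));
}
```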

Reserved characters this tool handles

The standard Base64 alphabet is A–Z, a–z, 0–9, plus + and /, with = reserved strictly for end padding. The URL-safe variant swaps in - and _ in place of + and / so the result needs no further escaping inside a URL. Toggle the checkbox above to switch which alphabet is used for encoding, and the decoder accepts either form automatically.

Common mistakes

  • Pasting Base64 with line breaks or extra spaces in the middle — strip whitespace before decoding, or let this tool flag the error.
  • Assuming Base64 is encrypted or compressed — it’s neither; anyone can decode it instantly and the output is larger, not smaller.
  • Using standard Base64 (with + and /) directly inside a URL without additional percent-encoding — use the URL-safe variant instead.
  • Forgetting padding when manually reconstructing a Base64 string — a missing = can make a valid decoder reject otherwise-correct data.

Where it is used

  • Embedding small images or fonts directly inside CSS or HTML as data URLs.
  • Encoding binary attachments for email (MIME) or JSON/XML payloads that only support text.
  • Passing binary tokens (API keys, certificates) through text-based config files or environment variables.
  • Basic HTTP authentication headers, which Base64-encode the username:password pair.

Frequently asked questions

What is Base64 encoding for?

Base64 turns binary or text data into a string of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /) so it can travel safely through systems built for text — email attachments, JSON/XML payloads, and data URLs embedded in HTML or CSS all rely on it. It doesn’t compress or encrypt anything; it only re-encodes bytes as text-safe characters, and typically grows the size by about a third.

Why does encoded output sometimes end with = signs?

Base64 groups input into 3-byte (24-bit) chunks and re-splits each chunk into four 6-bit characters. When the input isn’t a multiple of 3 bytes, the last chunk is padded, and one or two ‘=’ characters mark that padding so a decoder knows exactly how many real bytes to expect. ‘Dog’ (3 bytes) encodes with no padding; ‘Do’ (2 bytes) needs one ‘=’; a single byte needs two.

What does the URL-safe variant change?

Standard Base64 uses + and / in its alphabet, both of which have special meaning inside a URL. The URL-safe variant (RFC 4648 §5) replaces + with -, / with _, and typically drops the trailing = padding entirely, so the result can be used directly inside a URL path or query parameter without further escaping.

Why did I get an error decoding my text?

Valid Base64 only contains letters, digits, +, /, and optional trailing = padding (or -, _ for the URL-safe variant) in a length that’s a multiple of 4 characters once padding is included. Stray line breaks, extra spaces, or a truncated copy-paste are the most common causes — the tool flags this instead of silently returning garbage.
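One way to enforce these validity rules before decoding, as an added example (not the tool's own code; base64DecodeStrict is an illustrative name). It relies on the standard atob, btoa and TextDecoder globals, and its canonical-form check is an extra strictness assumption that this page does not describe.

```javascript
// Added example, not the tool's source. The function name is illustrative.
function base64DecodeStrict(input) {
  if (/\s/.test(input)) {
    throw new Error("whitespace or line break inside the input");
  }
  // Accept either alphabet by mapping URL-safe characters to the standard ones.
  const std = input.replace(/-/g, "+").replace(/_/g, "/");
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(std)) {
    throw new Error("character outside the Base64 alphabet, or = not at the end");
  }
  const body = std.replace(/=+$/, "");
  const hasPadding = body.length !== std.length;
  if (body.length % 4 === 1) {
    throw new Error("length is impossible for Base64 (truncated copy?)");
  }
  if (hasPadding && std.length % 4 !== 0) {
    throw new Error("wrong number of = padding characters");
  }
  // Restore omitted padding so unpadded URL-safe input decodes too.
  const padded = body + "=".repeat((4 - (body.length % 4)) % 4);
  const binary = atob(padded);
  // Extra strictness (assumption, not stated on the page): reject non-canonical
  // input whose unused trailing bits are not zero, e.g. "RG9=" instead of "RG8=".
  if (btoa(binary) !== padded) {
    throw new Error("non-canonical encoding: unused trailing bits are set");
  }
  const bytes = Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
  // fatal: true turns invalid UTF-8 into an error instead of U+FFFD characters.
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}
```

Rejecting non-canonical forms matters wherever the encoded string itself is compared, signed or used as a cache key, because otherwise several different strings decode to the same bytes.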

Is this safe for sensitive data?

Encoding and decoding happen entirely in your browser via JavaScript — nothing is uploaded or sent to a server. That said, Base64 is not encryption: anyone can decode it back to the original text instantly, so don’t rely on it to hide sensitive information from a determined viewer.