Base64 Encoder Decoder
Encode text to Base64 or decode Base64 text instantly.
Encoder tool
Convert text to Base64 and decode Base64 strings without page reloads.
Encode text to Base64 or decode Base64 text instantly.
Continue the workflow with nearby developer and data utilities.
To encode, type or paste plain text into the input box and press Encode; the output box fills with the Base64 version. To go the other way, paste a Base64 string and press Decode to recover the original text. The Copy button puts the result on your clipboard. If you try to decode something that is not valid Base64, the status line reports the problem so you can check for stray spaces, line breaks, or missing padding before trying again.
Base64 is a way to represent arbitrary binary data using only 64 printable ASCII characters: the letters A to Z and a to z, the digits 0 to 9, and the symbols + and /. It reads the input three bytes at a time (24 bits) and re-slices those bits into four 6-bit groups, each of which maps to one of the 64 characters. The point is to move data that might contain bytes a text channel would mangle, such as control codes or non-ASCII values, through systems that only expect plain text. It is used in data URIs, email attachments (MIME), and the payload of tokens. Crucially, Base64 is not encryption: the transformation is public and fully reversible, so it hides nothing.
Encoding is purely mechanical. Each short string below becomes a slightly longer Base64 string, and the trailing = characters show where padding was added to complete the final 4-character group.
| Plain text | Base64 |
|---|---|
M | TQ== |
Hi | SGk= |
Cat | Q2F0 |
OneTools | T25lVG9vbHM= |
user:pass | dXNlcjpwYXNz |
Notice that Cat (exactly three letters) needs no padding, while one- and two-character inputs end with == or =.
HTTP Basic authentication sends credentials as Base64. The string user:pass encodes to dXNlcjpwYXNz, which is sent as the header Authorization: Basic dXNlcjpwYXNz. Anyone who intercepts that header can decode it back to user:pass in one step, which is exactly why Basic auth is only safe over HTTPS. This is the clearest reminder that Base64 encodes for transport, it does not protect the contents.
Developers reach for Base64 constantly: embedding a small icon directly in CSS as a data URI, inspecting the payload of a JSON Web Token, building an HTTP Basic auth header, or pasting a snippet from an email's raw source to see what it actually contains. Doing those conversions by hand is error-prone, and command-line tools are not always at hand. This page gives you instant, two-way conversion with a copy button, so you can encode a value for a config file or decode a mystery string in seconds without leaving the browser.
Everything runs locally in your browser using the platform's own Base64 routines, so encoding and decoding match what your code and your servers will produce. Nothing you type is uploaded, logged, or stored on any server. Because Base64 is not a security measure, treat decoded output the same way you treat the original data: a Base64 string offers no protection, so never rely on it to conceal passwords, API keys, or personal information.
No. Base64 is an encoding scheme, not encryption. The mapping between bytes and characters is public, so anyone can reverse it instantly. It makes data safe to transport through text-only channels, but it adds no secrecy at all. Never use it to protect passwords, tokens, or other secrets.
Standard Base64 uses + and /, which have special meaning inside URLs. URL-safe Base64 swaps + for - and / for _ so the string can sit in a query string or path without extra escaping. JSON Web Tokens use this variant, which is why JWTs contain dashes and underscores rather than plus and slash characters.
Base64 processes input in groups of three bytes that become four characters. When the input length is not a multiple of three, one or two = padding characters fill out the last group. A single = means the final group held two bytes, and == means it held one byte. The padding lets a decoder know exactly how many real bytes the last group represents.
A data URI such as data:image/png;base64,iVBORw0KGgo... carries a Base64 payload after the comma. You can decode that payload here, but the result is raw binary bytes rather than readable text, since an image is not text. To actually view the picture, paste the whole data URI into your browser's address bar and the browser will render it.
Yes. Because every three bytes turn into four ASCII characters, Base64 output is roughly 33 percent larger than the original. That growth is the cost of carrying binary data safely through channels that only accept text, such as email bodies, JSON fields, and HTML attributes. For large files this overhead is why links are often preferred over inline Base64.