Dev-Utilities logoDev-UtilitiesAbout

Base64 Encoder / Decoder

Encode plain text to Base64 or decode Base64 back to text. Supports standard and URL-safe variants.

Output will appear here...

Related tools

URL Encoder/DecoderJWT DecoderHash Generator

About the Base64 Encoder / Decoder

Base64 is a binary-to-text encoding scheme that converts arbitrary binary data into a string of 64 printable ASCII characters. It is widely used to embed binary data (such as images, files, or cryptographic keys) in contexts that only support plain text, such as JSON payloads, HTML data URIs, HTTP headers, and email attachments (MIME).

Standard vs. URL-safe Base64

Standard Base64 uses + and / as the 62nd and 63rd characters, which are not safe to include unescaped in URLs or filenames. URL-safe Base64 (RFC 4648 §5) replaces them with - and _ and omits padding = characters. This is the format used in JWT tokens, OAuth 2.0 PKCE, and many modern web APIs.

How Base64 encoding works

Base64 works by taking every 3 bytes of input (24 bits) and splitting them into four 6-bit groups. Each 6-bit value (0–63) maps to a character in the Base64 alphabet — uppercase letters A–Z, lowercase a–z, digits 0–9, and the characters + and /. When the input length is not a multiple of 3, padding characters = are added to align the output to a multiple of 4 characters. The result is always approximately 33% larger than the original input.

Common use cases

  • Encoding images or binary files for embedding in HTML or CSS data URIs
  • Decoding the header and payload sections of a JWT (JSON Web Token)
  • Encoding API credentials for HTTP Basic Authentication — the value of the Authorization: Basic header is base64(username:password)
  • Inspecting or constructing data URIs (data:image/png;base64,...)
  • Encoding binary payloads for safe transmission in JSON or XML fields
  • Decoding Base64-encoded environment variables or secrets from CI/CD pipelines

Base64 is encoding, not encryption

A common misconception is that Base64-encoded data is secure or hidden. It is not — Base64 is trivially reversible by anyone. It is purely a data format, not a security mechanism. Never use Base64 as a substitute for encryption when dealing with sensitive data. If you need to securely store or transmit a secret, use proper encryption (AES, RSA) or a secrets manager.

Privacy

This tool runs entirely in your browser. No data is sent to any server. Learn more about how Dev-Utilities handles privacy.