Base64 Encoder & Decoder — Convert Text & Files Online

This free Base64 encoder and decoder converts text and binary data to and from Base64 in real time. Base64 is an encoding scheme (defined in RFC 4648) that maps every three bytes onto four printable ASCII characters, letting binary content travel safely through text-only systems like email, JSON, and data URIs. It is not encryption — anyone can reverse it — so never use it to hide secrets. This tool runs entirely in your browser, so nothing you paste is uploaded or logged.

Try an example:

✨ Pro Tips for Best Results

  • Character Limit: Base64 increases file size by ~33%. If you're sending large images, consider a direct binary transfer instead.
  • URL Safety: If you're putting Base64 in a URL, remember to swap + with - and / with _.
  • Secret Leakage: Never use Base64 to "hide" passwords. It is not encryption and can be decoded by anyone in seconds.

Base64 vs. Encryption: Why the confusion?

Many beginners mistake encoding (Base64) for encryption (AES). Encoding is a way to change data format so it can be safely transmitted over different systems. Encryption is a way to secure data so only authorized parties can read it. Base64 has no "key"—it's a public standard that anyone can reverse.

How Base64 encoding works

Base64 is a binary-to-text encoding scheme that represents binary data using only 64 ASCII-safe characters (A–Z, a–z, 0–9, +, /). It was designed to safely transmit binary data over channels that only support text — like email (MIME), URLs, and HTTP headers. Every 3 bytes of binary data become 4 Base64 characters, which is why Base64-encoded data is approximately 33% larger than the original.

This tool uses the browser's native btoa() (binary-to-ASCII) for encoding and atob() (ASCII-to-binary) for decoding, with UTF-8 support added via TextEncoder for non-ASCII characters. URL-safe Base64 replaces + with - and / with _ to avoid conflicts with URL syntax — useful for JWTs and query parameters. Base64 is not encryption: it is trivially reversible and provides no security. Any Base64 string can be decoded instantly. Do not use it to hide sensitive data.

Related tools

URL encoder → JWT decoder → JSON formatter →
3 bytes (24 bits) → 4 Base64 characters010011010110000101101110↓ regroup into 6-bit chunks010011T010110W000101F101110u"Man" → "TWFu"
Base64 regroups every 3 bytes (24 bits) into four 6-bit chunks, each mapped to one printable character — a 33% size increase.

What Base64 actually does

Base64 is an encoding, not encryption. It maps every 3 bytes of binary data onto 4 ASCII characters drawn from A–Z a–z 0–9 + /, letting binary content travel safely through systems that only handle text — email bodies, JSON fields, HTML attributes. Because the mapping is public and reversible by anyone, it provides zero confidentiality; never use it to 'hide' passwords or secrets.

The 33% size cost and padding

Encoding inflates data by roughly 33%, since 4 output characters represent 3 input bytes. When the input isn't a multiple of 3 bytes, one or two = characters pad the final group. This overhead is why you inline small images as Base64 data URIs but keep large assets as separate files.

Standard vs URL-safe

The + and / characters are unsafe in URLs and filenames, so a URL-safe variant (RFC 4648) substitutes - and _ and often drops padding. JSON Web Tokens use exactly this variant. If a decode fails, a swapped alphabet or missing padding is the usual culprit.

⚠️ Common Mistakes to Avoid

  • Using Base64 for encryption: Base64 is an encoding scheme, not a security measure, and can be easily reversed.
  • Ignoring padding: Failing to include the '=' padding characters can lead to decoding errors in some systems.
  • Encoding sensitive data: Never send unencrypted sensitive information via Base64 in public URLs.

Frequently asked questions

What is Base64 encoding used for?

It is primarily used to encode binary data as ASCII text for transmission over systems that only support text, like email or HTML.

Is Base64 secure?

No, Base64 is not encryption. It is a public encoding format that anyone can decode without a key.

Reviewed by the ToolsmithPro editorial team · Last updated June 2026. Every calculation and conversion runs entirely in your browser — your inputs are never uploaded, stored or shared. Formulas and methodology are documented on our about page; spot an error? tell us and we'll fix it.