Base64 Encoder / Decoder
Share with friends
How to use
- 1 Choose Encode or Decode mode.
- 2 Pick the alphabet: standard (A–Z, a–z, 0–9, +, /) or URL-safe (A–Z, a–z, 0–9, −, _).
- 3 Paste your text into the input box. The output appears instantly as you type.
- 4 Decoding handles missing padding and whitespace automatically — useful for JWT segments that omit padding.
- 5 Copy the output to clipboard with one click. To encode binary files, drag them onto the page and the file content is read as Base64.
About Base64 Encoder / Decoder
FAQ
Q Is Base64 secure for storing passwords?
No — Base64 is encoding, not encryption. Anyone can decode it instantly. Never use Base64 to "hide" passwords, API keys, or other secrets. For password storage use bcrypt, Argon2, or PBKDF2; for data confidentiality use AES or RSA encryption.
Q Why do JWT tokens use URL-safe Base64?
JWTs travel in URLs and HTTP headers where the standard Base64 characters + and / would be reserved or escaped. RFC 4648 §5 substitutes − and _ to avoid percent-encoding, and JWT spec drops the trailing = padding to keep tokens compact.
Q How much does Base64 increase data size?
About 33% larger. Every 3 bytes (24 bits) of input become 4 Base64 characters (32 bits). For very small inputs the overhead is higher due to padding. A 1 KB image becomes ~1.37 KB encoded, plus roughly 6% for line breaks if you use MIME line wrapping.
Q When should I use a Data URI vs. a regular image URL?
Use a Data URI for tiny inline images (<2 KB) like icons or single-pixel PNGs to save an HTTP request. For larger images use a regular URL — Data URIs prevent caching, balloon HTML/CSS file size, and can degrade performance. Modern HTTP/2 and HTTP/3 reduce the per-request cost so Data URIs are less compelling than they were in 2010.
Q What does the trailing = mean in Base64?
It's padding to keep the output a multiple of 4 characters. Input lengths that aren't a multiple of 3 bytes produce 1 or 2 = signs at the end. Some implementations omit padding entirely (URL-safe Base64 in JWT), which decoders should handle gracefully.
Q Can I decode Base64 in the browser without a library?
Yes — JavaScript has built-in <code>btoa()</code> for encoding and <code>atob()</code> for decoding. They handle ASCII strings only; for Unicode you need to encode to UTF-8 first: <code>btoa(unescape(encodeURIComponent(text)))</code> or use the modern <code>TextEncoder</code>. This calculator handles Unicode automatically.
Q Why does my decoded Base64 look like garbled text?
Two common causes: (1) the Base64 was actually encoded binary data (image, PDF, encrypted blob) — decoding to a text view shows raw bytes; (2) the original was Unicode but encoded without UTF-8 conversion, so multi-byte characters are misinterpreted as Latin-1.
Q How does HTTP Basic Authentication use Base64?
The browser concatenates <code>username:password</code>, encodes with standard Base64, and sends in the <code>Authorization: Basic ...</code> header. It's readable by anyone who can intercept the request — which is why Basic Auth must be combined with HTTPS. Token-based auth (JWT, OAuth) has largely replaced it for modern APIs.
Official resources
IETF RFC 4648 — Base16/32/64 Encodings
Authoritative IETF specification of Base16, Base32, Base64, and URL-safe Base64.
IETF RFC 7519 — JWT Token Format
IETF specification for JSON Web Tokens, which use URL-safe Base64 without padding.
MDN — Base64 Encoding
MDN Web Docs explanation of Base64 with browser examples (btoa, atob, Data URIs).
IETF RFC 2045 — MIME Base64 (Email)
Original MIME specification of Base64 used in email attachments and email-safe text.