Base64 Encoder/Decoder
encode · decode · file support
$ how-to-use
Paste text or data in the input field. Click Encode to convert to Base64, or paste a Base64 string and click Decode to get the original text back.
What is Base64?
Base64 is a binary-to-text encoding that represents binary data using 64 ASCII characters (A-Z, a-z, 0-9, +, /). It's used whenever binary data needs to be transmitted through text-based systems like JSON, XML, email, or URLs.
Common uses include encoding API authentication tokens (HTTP Basic Auth sends credentials as Base64), embedding small images in CSS/HTML as data URIs, and transmitting binary file contents in JSON payloads.
The encoding increases size by approximately 33% — every 3 bytes of input becomes 4 bytes of Base64 output. This overhead is the trade-off for guaranteed safe transmission through text-only channels.
Common Use Cases
API Auth Headers
HTTP Basic Authentication encodes username:password as Base64 in the Authorization header.
JWT Tokens
JSON Web Tokens use Base64URL encoding for the header and payload sections. Decode them here to inspect claims.
Data URIs
Embed small files directly in HTML/CSS using data:text/plain;base64,... format. Eliminates extra HTTP requests.
Email Attachments
MIME email encoding uses Base64 for binary attachments sent through text-only SMTP protocols.
How Base64 Encoding Works
Base64 encodes binary data by splitting it into groups of 6 bits (instead of the usual 8-bit bytes). Each 6-bit group maps to one of 64 printable ASCII characters. Since 6 doesn't divide evenly into 8, every 3 bytes of input (24 bits) become 4 Base64 characters. If the input length isn't a multiple of 3, padding characters (=) are added to the output.
The standard Base64 alphabet uses A-Z (0-25), a-z (26-51), 0-9 (52-61), + (62), and / (63). The Base64URL variant replaces + with - and / with _ to make the output safe for URLs and filenames without additional percent-encoding.
Base64 Encoding Reference
| Input | Base64 Output | Size | Notes |
|---|---|---|---|
| A | QQ== | 1 byte → 4 chars | 2 padding chars |
| AB | QUI= | 2 bytes → 4 chars | 1 padding char |
| ABC | QUJD | 3 bytes → 4 chars | No padding needed |
| Hello | SGVsbG8= | 5 bytes → 8 chars | Common test string |
| user:pass | dXNlcjpwYXNz | 9 bytes → 12 chars | HTTP Basic Auth format |
Base64 vs Base64URL
Standard Base64 (RFC 4648)
Alphabet: A-Z, a-z, 0-9, +, /
Padding: =
Used in: MIME email, PEM certificates, data URIs
JS: btoa() / atob()
Base64URL (RFC 4648 §5)
Alphabet: A-Z, a-z, 0-9, -, _
Padding: Optional (often omitted)
Used in: JWT tokens, URL parameters, filenames
JS: Manual replacement of +/ with -_
When Not to Use Base64
Base64 increases data size by approximately 33%. For large files (images, videos, documents), this overhead is significant. If you're embedding a 1MB image as a Base64 data URI in your HTML, you're adding 330KB of extra data that can't be cached separately by the browser. For assets larger than a few kilobytes, use regular file URLs and let the browser cache them normally.
Base64 is not encryption. It's trivially reversible. Never use Base64 to "hide" passwords, API keys, or any sensitive data. Anyone can decode it instantly. For actual security, use proper encryption (AES-256, for example) or hashing (SHA-256 for integrity, bcrypt for passwords).
FAQ
Is Base64 encryption?
No. Base64 is encoding, not encryption. Anyone can decode it instantly. Never use Base64 to "hide" sensitive data — use proper encryption instead.
Is my data private?
Yes. All encoding/decoding runs in your browser. Nothing is sent to any server.