⚡ Instant — No Signup Required

Base64 Encoder / Decoder

Encode text to Base64 or decode Base64 back to text. Supports URL-safe encoding. 100% client-side.

Input — Plain Text

0 chars

Output — Base64

0 chars

How It Works

🔄

Bidirectional

Encode text to Base64 or decode Base64 back to plain text with one click.

🔗

URL-Safe Mode

Enable URL-safe encoding that replaces + with - and / with _ for use in URLs.

📦

No Size Limit

Process any amount of text — everything runs in your browser with no upload limits.

🔐

100% Private

Your data never leaves your browser. No server-side processing, no logging.

FAQ

What is Base64 encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into ASCII characters. It's commonly used in email attachments, data URIs, API authentication tokens, and embedding binary data in text formats like JSON or XML.

Is Base64 encryption?

No. Base64 is encoding, not encryption. It doesn't provide any security — anyone can decode a Base64 string. It's used for data transport, not data protection.

What is URL-safe Base64?

Standard Base64 uses + and / characters which have special meaning in URLs. URL-safe Base64 replaces + with - and / with _ to make the encoded string safe for use in URLs and filenames.

Why does Base64 increase size?

Base64 encodes 3 bytes into 4 characters, resulting in approximately 33% size increase. This is the tradeoff for being able to represent binary data as text.

What Is Base64 Encoding and Why Does It Exist?

Base64 is an encoding scheme that converts binary data into a set of 64 printable ASCII characters. It exists because many communication protocols — email (SMTP), HTTP headers, HTML attributes — were designed to handle text, not arbitrary binary data. When you need to transmit binary data (an image, a PDF, a public key) through a text-based channel, you encode it as Base64 first.

The name comes from the 64 characters used: A-Z (26), a-z (26), 0-9 (10), plus + and /. Every three bytes of binary input produce four characters of Base64 output, which means Base64-encoded data is about 33% larger than the original. This overhead is a deliberate trade-off for universal compatibility across text channels.

Base64 is not encryption. The encoding is completely reversible and publicly known — anyone with a Base64 decoder can retrieve the original data. Do not use Base64 to protect sensitive information. Use it only to encode data for transmission, not to secure it.

Practical Uses in Web Development

The most common use in front-end development is data URIs — embedding small images or fonts directly in CSS or HTML as Base64-encoded strings, eliminating a separate HTTP request. A small icon encoded as Base64 in a CSS background-image property loads instantly without a network round-trip, which matters for performance on mobile connections.

On the backend, Base64 appears in API authentication (HTTP Basic Auth sends credentials as Base64), JSON Web Tokens (the header and payload sections are Base64url encoded), and when passing binary payloads through REST APIs that accept only JSON strings. Developers also use it to encode configuration values containing special characters in environment variables and CI/CD pipelines.

Frequently Asked Questions

What is the difference between Base64 and Base64url?

Standard Base64 uses + and / as the 63rd and 64th characters. These characters have special meaning in URLs, which causes problems when Base64 strings appear in query parameters or path segments. Base64url replaces + with - and / with _, making the output URL-safe. JWT tokens use Base64url. This tool supports both; select URL-safe mode if you need the output to appear in a URL.

Is Base64 encoding secure?

No. Base64 is not a security measure. It is trivially reversible — anyone can decode Base64 with any standard tool in under a second. It provides obfuscation at best and should never be used to protect sensitive data like passwords, API keys, or personal information. For security, use encryption (AES, RSA) or proper secrets management.

Why does my Base64 output sometimes end with = or ==?

Base64 encodes every 3 bytes into 4 characters. If your input length is not divisible by 3, padding characters (=) are added to make the output length a multiple of 4. One = means there was one remaining byte; == means two remaining bytes. This padding is required by the RFC 4648 standard, though some implementations omit it.

Can this tool encode images to Base64?

This tool encodes and decodes text. For encoding image files as Base64 data URIs (for use in CSS or HTML), use the CyberScryb Base64 Image Encoder guide, which walks through the process of converting image files to inline data URIs.

What Is Base64 Encoding

Base64 is a binary-to-text encoding scheme that converts binary data into a string of ASCII characters. It uses 64 characters — A-Z, a-z, 0-9, plus (+) and slash (/) — to represent binary data in a text-safe format. The equals sign (=) is used for padding at the end when the input length isn't divisible by 3.

Base64 exists because many systems — email protocols, JSON, XML, URLs — can only handle text data safely. If you need to embed a binary file (an image, a PDF, a cryptographic key) inside a text-based format, Base64 encoding is the standard solution. The tradeoff is size: Base64 encoding increases the data size by approximately 33%, because every 3 bytes of binary data become 4 bytes of Base64 text.

Base64 is not encryption. It provides zero security. Anyone can decode a Base64 string instantly. It's a transport encoding, not a security mechanism. If you see API keys or passwords stored as Base64 in configuration files, that's a security problem, not a solution.

Common Uses for Base64

Data URIs in HTML/CSS. You can embed small images directly in HTML or CSS using Base64 data URIs: data:image/png;base64,iVBOR.... This eliminates an HTTP request for each image, which can improve page load times for small icons and graphics. For images larger than ~2KB, a separate file with proper caching is usually faster.

Email attachments. MIME email encoding uses Base64 to embed binary attachments inside text-based email messages. When you attach a PDF to an email, your email client Base64-encodes it before sending and the recipient's client decodes it on arrival.

API authentication. HTTP Basic Authentication encodes the username:password pair as Base64 in the Authorization header. Again, this is encoding for transport, not security — the credentials are only protected if the connection uses HTTPS.

JWT tokens. JSON Web Tokens use Base64url encoding (a URL-safe variant that replaces + with - and / with _) for the header and payload sections. The signature section is also Base64url-encoded.

Base64 Variants

Standard Base64 (RFC 4648) uses +, /, and = characters that have special meaning in URLs and filenames. Base64url replaces + with - and / with _, making it safe for URLs and filenames without percent-encoding. This is what JWTs and many modern APIs use.

MIME Base64 inserts line breaks every 76 characters, as required by the MIME email specification. Standard Base64 has no line breaks. If you're decoding Base64 and getting errors, check whether the input has unexpected line breaks or whitespace.

This tool handles both standard and URL-safe Base64. It automatically detects the variant when decoding and lets you choose the variant when encoding.

Related Reading

Related Tools You Might Like

JSON ↔ CSV Converter Convert data between JSON and CSV formats instantly. UUID Generator Generate unique identifiers for keys, tokens, and records. Markdown ↔ HTML Convert Markdown to clean HTML and back.

?? Related Guides

?? Base64 Encoding & Decoding Guide Read the full guide ? ?? Base64 Image Encoder Guide Read the full guide ?