Base64 encoder / decoder

Encode text to Base64 or decode Base64 back to text. Supports Unicode and URL-safe variants.

Encode →← Decode

What is Base64 encoding?

Base64 is a binary-to-text encoding scheme that represents binary data using a set of 64 printable ASCII characters: A-Z, a-z, 0-9, +, and /, with = used for padding. It was originally designed to safely transmit binary data over channels that only support text, such as email (MIME) and early HTTP.

The encoding works by taking every three bytes (24 bits) of input and splitting them into four 6-bit groups. Each 6-bit value maps to one character in the Base64 alphabet. If the input length isn't a multiple of 3, the output is padded with one or two = characters. The result is always a text string that can be safely embedded in JSON, XML, HTML, URLs, and other text-based formats without corruption.

Base64 is defined in RFC 4648, which also specifies the URL-safe variant (using - and _ instead of + and /). Despite being universally supported, Base64 is not a compression or security mechanism — it increases data size by approximately 33% and provides no confidentiality.

Common uses for Base64

Embedding images in CSS/HTML — small images (icons, logos) can be inlined as data:image/png;base64,... URIs, eliminating an HTTP request at the cost of a larger document size.

Encoding binary data in JSON/XML — since JSON has no binary type, binary payloads (images, files, certificates) are typically Base64-encoded before embedding in a JSON field.

Email attachments — MIME encoding uses Base64 to attach binary files to email messages, which are fundamentally text-based protocols.

HTTP Basic Authentication — credentials are sent as Authorization: Basic base64(username:password). This is encoding, not encryption — always use HTTPS alongside it.

JWTs and cryptographic tokens — JSON Web Tokens encode their header and payload as URL-safe Base64 strings, making them safe to transmit in HTTP headers and URLs.

Frequently asked questions

Is Base64 a form of encryption?
No. Base64 is an encoding scheme, not encryption. It transforms binary data into a text-safe format using a 64-character alphabet (A-Z, a-z, 0-9, +, /). Anyone can decode Base64 without a key — there's no secret involved. If you need to protect data, use actual encryption (AES, RSA) and then optionally Base64-encode the encrypted output for safe transport.
Why does Base64 make data ~33% larger?
Base64 represents every 3 bytes of input as 4 characters of output. Three bytes = 24 bits, split into four 6-bit groups, each mapping to one of 64 printable characters. That 4/3 ratio means a 33% size increase. Add padding (= characters) and potential line breaks, and the overhead can be slightly higher. This is the trade-off for guaranteed text-safe representation of arbitrary binary data.
What is URL-safe Base64?
Standard Base64 uses + and / characters which have special meaning in URLs and filenames. URL-safe Base64 (also called base64url, defined in RFC 4648 §5) replaces + with - and / with _, and typically omits the = padding. It's used in JWTs (JSON Web Tokens), data URIs in URLs, and anywhere Base64 data needs to be embedded in a URL without percent-encoding.

Related tools

URL encoder/decoderEncode or decode URL components and query strings./converters/url-encoderHash generatorGenerate MD5, SHA-1, SHA-256, and SHA-512 hashes./generators/hashJWT decoderDecode and inspect JSON Web Token headers and payloads./explainers/jwt-decoderJSON formatterPrettify, minify, and validate JSON./formatters/json