Decode a simple word
Encoded
SGVsbG8gV29ybGQ=
Decoded
Hello World
The trailing = is padding because Hello World is 11 bytes, which is not a multiple of 3. Decoding always strips it correctly.
Base64 Encoder / Decoder
Instantly encode or decode Base64 strings and files.
Last updated
TextPaste text to begin
Base64
Encoded or decoded output appears here — everything runs locally.
What is Base64?
Base64 is an encoding scheme that represents binary data using 64 printable characters. Developers reach for it whenever a text-only system needs to carry bytes — small images embedded in HTML, tokens, email attachments, data URLs, copy-pasteable secrets in logs, and JSON fields that store binary blobs.
Base64 is *encoding*, not encryption. Decoding a Base64 string usually reveals the original content immediately, so it should never be treated as a security boundary. Anything inside Base64 is effectively public unless it has been encrypted *before* being encoded.
Under the hood, Base64 takes 3 bytes (24 bits) and rewrites them as 4 characters from a fixed 64-character alphabet (A–Z, a–z, 0–9, +, /). When the input length isn't a multiple of 3, the encoder adds one or two = characters at the end as padding. That's why Base64 strings often end with =.
What you'll learn while using Base64
- Encoding changes how data is represented; it does not hide or protect the data — anyone can decode it.
- Base64 output is roughly 4/3 the size of the original bytes, so it's convenient but not space-efficient.
- Padding characters like
=complete the final group of 4 and are normal in many Base64 strings.
How to encode and decode Base64 step by step
Pick a direction
Choose Encode if you have plain text or a file and want Base64 output. Choose Decode if you have a Base64 string and want the original content back.
Paste your input or drop a file
Paste a string into the text box, or drag a file (image, PDF, anything) onto the drop zone. Files are converted to a
data:URL ready to embed in HTML or CSS.Read the output
Encoded output is the Base64 string. Decoded output is the original text — or, if the input was a file, the recovered bytes shown as a download link.
Copy the result
Click the copy button to put the result on your clipboard. Everything runs in your browser, so the input never leaves your machine.
Base64 quick reference
The pieces you'll keep meeting once you start working with Base64 — defined by RFC 4648.
| Element | Meaning | Example |
|---|---|---|
| Alphabet | 64 characters used by standard Base64 | A–Z, a–z, 0–9, +, / |
| URL-safe alphabet | Used by JWTs and URLs | A–Z, a–z, 0–9, -, _ |
| Padding | Pads the final group when length isn't a multiple of 3 | = or == |
| Group size | Bytes per encoded chunk → 4 output chars | 3 bytes → 4 chars |
| Length growth | Output is ~33% larger than input | 100 B → 136 chars |
| Data URL | Inline file embed for HTML/CSS | data:image/png;base64,... |
Base64 examples to try
Encode a small JSON payload
Original
{"role":"student","active":true}Base64
eyJyb2xlIjoic3R1ZGVudCIsImFjdGl2ZSI6dHJ1ZX0=
JWT tokens encode each segment exactly like this — that's why JWT payloads usually start with eyJ, which is the Base64 form of {".
Recognize a data URL
Data URL
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNgAAIAAAUAAen8GVAAAAAASUVORK5CYII=
The prefix declares the media type (image/png) and the encoding (base64). Everything after the comma is the file content. Useful for tiny images that load with the page.
Compare standard vs URL-safe alphabets
Standard
Pj4/Pyc+Pg==
URL-safe
Pj4_Pyc-Pg
URL-safe Base64 swaps + for - and / for _ so the value can sit inside a URL without further escaping. JWTs use this variant.
Common Base64 mistakes
- Calling Base64 "encrypted". Anyone can decode it without a password or key.
- Forgetting that Unicode text needs to be turned into UTF-8 bytes *before* Base64 encoding — otherwise non-ASCII characters round-trip incorrectly.
- Stripping
=padding manually and feeding the result to a strict decoder that expects it. (URL-safe decoders usually accept missing padding; standard decoders may not.)
Base64 FAQ
What is Base64 encoding?
Base64 is an encoding that represents binary data as printable text using a 64-character alphabet. It is used wherever bytes need to travel through a text-only system — APIs, JSON, JWTs, email, data URLs.
How does Base64 work?
Base64 takes 3 input bytes (24 bits) and splits them into four 6-bit groups. Each 6-bit group is mapped to one of 64 characters. If the input isn't a multiple of 3 bytes long, one or two
= characters are added as padding.How do I decode a Base64 string?
Paste the string into a Base64 decoder. The output is the original text or file. In code, most languages ship a built-in:
atob() in browsers, Buffer.from(str, 'base64') in Node.js, base64.b64decode() in Python.Is Base64 secure?
No. Base64 is encoding, not encryption. It is designed for representation and transport, not secrecy. If you need confidentiality, encrypt the data first and then Base64-encode the ciphertext.
Why does Base64 sometimes end with =?
= is padding. Base64 emits 4 characters for every 3 bytes of input. When the input length is not a multiple of 3, one or two = are added so the encoded length stays a multiple of 4.Can Base64 encode images?
Yes. Image bytes can be Base64-encoded and dropped into a
data:image/png;base64,... URL so the image is embedded directly in HTML, CSS, or JSON without a separate network request.