Base64 Encoder and Decoder
Convert text to Base64 encoding or decode Base64 strings back to original text format.
How to Use the Base64 Converter?
Enter your text or Base64 string and choose to encode or decode it.
What Is Base64 Encoding?
Base64 is a binary-to-text encoding scheme that represents binary data using a set of 64 printable ASCII characters. It was originally designed to allow binary data (images, files, encrypted payloads) to be safely transmitted over text-based protocols like email (SMTP) and HTTP, which historically could only handle 7-bit ASCII. The name "Base64" reflects the 64-character alphabet used: A–Z (26), a–z (26), 0–9 (10), and two additional characters (+ and /).
How Base64 Encoding Works
Base64 converts every 3 bytes (24 bits) of binary data into 4 Base64 characters (each representing 6 bits). Here is the step-by-step process:
- Split the input data into groups of 3 bytes (24 bits)
- Divide each 24-bit group into four 6-bit chunks
- Map each 6-bit value (0–63) to its corresponding Base64 character
- Pad with
=characters if the input length is not divisible by 3. One remaining byte produces==padding; two remaining bytes produce=
Because 3 bytes become 4 characters, Base64-encoded data is always approximately 33% larger than the original binary data.
Base64 Character Table
| Characters | Values | Count |
|---|---|---|
| A–Z | 0–25 | 26 |
| a–z | 26–51 | 26 |
| 0–9 | 52–61 | 10 |
| + | 62 | 1 |
| / | 63 | 1 |
| = | Padding | — |
Base64 Variants
| Variant | Extra Characters | Padding | Use Case |
|---|---|---|---|
| Standard (RFC 4648) | + / | = required | Email (MIME), general encoding |
| URL-Safe (RFC 4648 §5) | - _ | Optional | URLs, filenames, JWTs |
| MIME (RFC 2045) | + / | = required | Email attachments (76-char line wrap) |
Common Use Cases
- Data URLs in HTML/CSS: Embed images directly in code:
data:image/png;base64,iVBORw0KGgo.... Saves an HTTP request but increases HTML file size by 33%. - API authentication: HTTP Basic Auth encodes
username:passwordin Base64 and sends it in theAuthorizationheader. - Email attachments (MIME): Email protocols only support 7-bit ASCII text. Base64 encodes binary attachments (PDFs, images) for safe transmission.
- JWT tokens: JSON Web Tokens encode the header and payload as Base64URL strings, making them safe to pass in URLs and HTTP headers.
- Storing binary in JSON/XML: Since JSON cannot contain raw binary data, files are Base64-encoded before embedding in API payloads.
- Configuration and secrets: Kubernetes Secrets store values as Base64. Note: this is encoding, not encryption — the data is trivially decodable.
Base64 Is Not Encryption
A common misconception is that Base64 "encrypts" data. Base64 is encoding, not encryption. Anyone can decode a Base64 string instantly — there is no key, no secret, and no security. Never use Base64 to protect sensitive data like passwords, API keys, or personal information. Use proper encryption (AES-256, RSA) or hashing (bcrypt, Argon2) instead.
Base64 in Different Languages
- JavaScript (browser):
btoa(string)to encode,atob(base64)to decode - JavaScript (Node.js):
Buffer.from(string).toString('base64') - Python:
base64.b64encode(bytes)/base64.b64decode(b64string) - PHP:
base64_encode($data)/base64_decode($data) - Java:
Base64.getEncoder().encodeToString(bytes) - Command line:
echo -n "text" | base64(encode) /echo "dGV4dA==" | base64 -d(decode)
Frequently Asked Questions — Base64 Encoder & Decoder
Base64 is an encoding scheme that converts binary data into ASCII text using 64 printable characters (A-Z, a-z, 0-9, +, /). It's used to transmit binary data over text-based channels: embedding images in CSS/HTML (data URIs), encoding email attachments (MIME), storing binary data in JSON, and passing binary data in URL query strings. Base64 is encoding, not encryption — it provides no security.
No — Base64 increases data size by approximately 33%. Every 3 bytes of input become 4 Base64 characters. A 1 MB image becomes approximately 1.33 MB as Base64. This is the trade-off for making binary data safe to transmit in text-only contexts. Never use Base64 to compress data; use actual compression algorithms (gzip, brotli) if size reduction is your goal.
Standard Base64 uses + and / which are unsafe in URLs. Base64URL replaces + with - and / with _, making it safe for use in URLs, filenames, and HTTP headers without percent-encoding. JWTs use Base64URL. Most tools default to standard Base64; use Base64URL when encoding data for URLs, cookies, or JWT tokens.
Base64 encodes 3 bytes at a time. If the input length isn't divisible by 3, padding characters (=) are added. One = means 1 byte was padded; == means 2 bytes were padded. Padding ensures the output length is always a multiple of 4 characters. In Base64URL (used by JWTs), padding is often omitted since the length can be inferred.
No. Base64 is trivially reversible — anyone who sees a Base64 string can instantly decode it. It provides zero security. For passwords, use a proper cryptographic hash function with salting: bcrypt, Argon2, or scrypt. These are designed to be slow and computationally expensive, making brute-force attacks impractical even if the hashed password is stolen.