Base64 Encoder / Decoder Free
Encode any text to Base64 or decode Base64 back to plain text instantly. Supports standard Base64 and URL-safe Base64 (RFC 4648). Handles UTF-8 text, binary data strings, and line-length formatting. Runs entirely in your browser — your data is never uploaded.
Input
Output
Pro — file upload, binary encode/decode, bulk API, batch processing
API access · Priority queue · Team workspace
How It Works
Paste Your Text
Paste any plain text string you want to encode into Base64, or paste a Base64-encoded string you want to decode back to plain text. The input area accepts any UTF-8 text including special characters, accented letters, and Unicode symbols. You can also click Sample to load a quick demo payload showing typical Base64 encoding of a JSON string — a common use case for API tokens and HTTP Basic auth headers.
Choose Options
Select Standard Base64 (uses + and / characters, suitable for most use cases) or URL-safe Base64 (uses - and _ instead of + and /, no padding issues in URLs and filenames). Choose a line wrap length of 64 characters for MIME-style encoding (used in email), 76 characters for PEM certificates, or no wrapping for compact single-line output like JWT headers. Then click Encode or Decode.
Copy or Download
The encoded or decoded result appears in the output panel. Copy it to clipboard for pasting into code, HTTP headers, or config files — or download it as a plain text file. The stats bar shows the input and output byte lengths so you can verify the Base64 overhead (encoded output is approximately 4/3 the size of the original, plus any line-break characters added by line wrapping).
Base64 Encoder Features
RFC 4648 compliant encoding with URL-safe and MIME line-wrap support
Standard & URL-Safe Base64
Supports both RFC 4648 §4 (standard Base64 using + and / characters) and RFC 4648 §5 (URL-safe Base64 using - and _ instead). URL-safe Base64 is required for JWT tokens, OAuth tokens, and any situation where the encoded string will appear in a URL or filename without percent-encoding the + and / characters.
MIME & PEM Line Wrapping
Optionally wrap Base64 output at 64 characters per line (MIME format, used in email attachments and HTTP multipart bodies) or 76 characters per line (PEM format, used in TLS certificates, SSH keys, and X.509 certificates). No wrapping produces compact single-line output suitable for JWT payloads, data URIs, and embedding in JSON strings.
Full UTF-8 Support
Correctly encodes multi-byte UTF-8 characters by first encoding text to UTF-8 bytes before applying Base64. This means accented characters (é, ü, ñ), CJK characters, emoji, and any Unicode character are encoded correctly. Decoding reverses the process — Base64 → UTF-8 bytes → Unicode string — producing the exact original text.
Decode Validation
When decoding, the tool validates that the input is a valid Base64 string before attempting decoding. Invalid characters (those outside the Base64 alphabet) trigger a clear error message instead of silently producing garbage output. Whitespace and line breaks in the Base64 input are stripped automatically, so pasted PEM or MIME-formatted data decodes without preprocessing.
Size Metrics
The stats bar shows the input length in characters and bytes alongside the output length, so you can verify Base64 expansion overhead. Standard Base64 produces approximately 1.33× the input size in bytes (4 output characters per 3 input bytes), plus line-break bytes if wrapping is enabled. This is useful when sizing HTTP headers or checking data URI limits.
100% Private
All encoding and decoding runs locally in your browser using the built-in TextEncoder and btoa/atob APIs. Your text, tokens, credentials, certificates, and keys are never transmitted to any server. Safe for encoding API secrets, passwords, private keys, and other sensitive strings.
Free vs Pro
| Feature | Free | Pro |
|---|---|---|
| Text encode/decode | ||
| URL-safe Base64 | ||
| File/binary upload | — | |
| Batch encode via API | — | |
| Image → data URI | — | |
| REST API access | — |
Frequently Asked Questions
Base64 encoding is used to represent binary data as printable ASCII text so it can be safely transmitted over systems that only support text, such as email (SMTP), HTTP headers, JSON payloads, and XML. Common use cases include embedding images as data URIs in CSS and HTML, encoding HTTP Basic Auth credentials (username:password), JWT token payloads and signatures, and embedding certificates in PEM files. Base64 is not encryption — it is purely an encoding scheme.
Standard Base64 (RFC 4648 §4) uses the characters A–Z, a–z, 0–9, +, and / with = padding. The + and / characters are special in URLs and must be percent-encoded as %2B and %2F if used in query strings or paths, which makes standard Base64 problematic in URLs. URL-safe Base64 (RFC 4648 §5) replaces + with - and / with _, making the output safe to embed directly in URLs and filenames without percent-encoding. JWT tokens use URL-safe Base64 without padding.
Base64 encodes 3 bytes at a time into 4 characters. When the input length is not a multiple of 3, padding characters = are added to make the output length a multiple of 4. One = means the last group had 2 input bytes; == means it had only 1 input byte. Padding ensures that the decoder knows exactly how many bytes the last group represents. Some systems (such as JWT) omit padding and trim trailing = signs, which is valid as long as both encoder and decoder agree on this convention.
No — Base64 is not encryption and provides no security. Any Base64-encoded string can be trivially decoded by anyone using this tool or a single line of code. Never store passwords as Base64 in a database; use a proper password hashing algorithm like bcrypt, scrypt, or Argon2 instead. Base64 is only appropriate for encoding data to make it safe for text transmission, not for protecting it from unauthorized access.
A JWT token consists of three URL-safe Base64 parts separated by dots: header.payload.signature. You can decode the header and payload parts using this tool in URL-safe decode mode by pasting each part separately (without the dot separators). The signature is a cryptographic hash and is not meaningful as text. For a dedicated JWT decoder that parses all three parts simultaneously and displays the JSON fields, use our JWT Decoder tool.
This happens when the Base64 was produced from a non-UTF-8 encoding such as Latin-1 or Windows-1252, which use single bytes for characters like é and ü rather than the two-byte UTF-8 sequences. This tool assumes all text was UTF-8 encoded before Base64 encoding, which is correct for modern applications. If your decoded output contains garbled characters, the original Base64 was encoded from a different character set. The Pro version supports specifying the input encoding.