ESC
Input Text
Output Result

0

Input Length

0

Output Length

0%

Size Change

Encode

Current Mode

Usage Examples

Image Encoding

Convert image files to Base64 format for web pages.

data:image/png;base64,iVBORw0K...
API Token Encoding

Securely encode API keys and tokens.

YXBpX2tleV8xMjM0NTY3ODkwYWJjZG...
Email Content

Encode email attachments in Base64 format.

SGVsbG8gV29ybGQh...

Features

Real-time Processing

Encodes or decodes your text as you type

Bidirectional

Both encoding and decoding operations

Size Statistics

Compare input and output sizes

💾

File Download

Download results as files

How to Use?

1

Select Mode

Choose encoding or decoding mode.

2

Enter Text

Enter the text to encode or Base64 code to decode.

3

Get Result

Result is automatically calculated and displayed.

4

Copy or Download

Copy the result or download it as a file.

Frequently Asked Questions

Base64 is an encoding scheme that converts binary data into a text string using 64 characters: A-Z, a-z, 0-9, + and /. It was designed to safely transmit binary data through systems that only handle ASCII text — like email, URL parameters, and JSON fields. Every 3 bytes of binary input become 4 Base64 characters. The encoding is completely reversible — any tool that knows the algorithm can decode it instantly without any key.

No. Base64 is encoding, not encryption. Anyone who sees a Base64 string can decode it to the original data in milliseconds without any password or key. Base64 provides zero confidentiality or security. It is purely a format conversion to make binary data safe for text-based systems. If you need to actually protect data from being read, use AES encryption instead. The confusion arises because Base64 output looks like random characters — but it is completely reversible without any secret.

Standard Base64 uses + and / characters, which have special meanings in URLs (+ means space, / separates path segments). URL-safe Base64 (also called Base64url) replaces + with - and / with _, making the output safe to use in URLs and file names without percent-encoding. You typically need URL-safe Base64 for JWT tokens, OAuth state parameters, URL shorteners, and file names generated from hashes. Most APIs that claim to use "Base64" in URLs actually use Base64url.

Text input supports all Unicode characters — emojis, CJK, Arabic, Cyrillic, and every other character set via UTF-8 encoding. For files, upload anything up to 10 MB: images (PNG, JPEG, WebP), documents, binary data, zip archives. The file is read as raw bytes and encoded, so the output is a valid Base64 representation of the entire file regardless of its content type.

Base64 always adds approximately 33% size overhead. This happens because 3 input bytes (24 bits) become 4 output characters (32 bits). A 1 MB image becomes roughly 1.33 MB Base64. Additionally, Base64 strings often have line breaks added every 76 characters per MIME standard, adding a small amount more. For small assets (under 5 KB) the overhead is worth eliminating an HTTP request by inlining as a Data URI. For larger files, serve them separately.

Yes. Upload any image and the Base64 output can be used directly as a Data URI by prefixing it with data:image/png;base64, (adjust the MIME type for JPEG or WebP). For example: <img src="data:image/png;base64,iVBOR...">. This embeds the image directly in HTML or CSS without a separate file request. Useful for small icons, email templates where external images may be blocked, and offline HTML documents.

A JWT has three parts separated by dots: header.payload.signature, each part being Base64url-encoded. You can paste any individual part (header or payload) into this decoder and read the JSON inside. However, this tool does not verify the JWT signature — for JWT signature verification, use a dedicated JWT decoder tool. The header and payload of any JWT can be read by anyone who has the token, since they contain only encoded (not encrypted) data.

No. All encoding and decoding happens in your browser using JavaScript's built-in btoa() and atob() functions (for text) and FileReader API (for files). Nothing is sent to any server. You can safely encode API keys, private data, and sensitive files without any privacy concerns.

Need to Embed an Image in an Email Template?

Need to embed an image in an email template? Or decode that weird string from an API response? Base64 converts binary data to plain ASCII text using 64 characters (A-Z, a-z, 0-9, + and /). Every 3 bytes of input become 4 characters of output. The result is a string that can safely travel through any system that handles text, no corruption, no data loss.

Where You Actually Run Into Base64

Data URIs let you inline small images directly in HTML or CSS with data:image/png;base64,... which saves an HTTP request. Email attachments use Base64 via MIME to safely encode binary files for SMTP. HTTP Basic Auth sends credentials as Authorization: Basic dXNlcjpwYXNz. JWTs encode their header and payload as Base64url. And canvas.toDataURL() spits out Base64 every time you export an image from the Canvas API.

Base64 Is Not Encryption. Seriously.

This trips up a lot of beginners. Base64 is encoding, not encryption. Anyone can decode it in milliseconds without any key. If you see a Base64 string in a config file or URL, it provides zero security. It is just a format conversion. For actual data protection, use AES-256 or TLS. Base64 is for making binary data text-safe, nothing more.

The 33% Size Tax

Base64 always makes data about 33% bigger because 3 input bytes become 4 output characters. For tiny icons under 2-5KB, that overhead is worth it because you eliminate an HTTP request. For anything bigger, serve it as a separate file with proper cache headers. The break-even point depends on your setup, but as a rule of thumb: if the image is over 5KB, do not inline it.

Encode and Decode Right Here

Paste text or upload a file up to 10MB. Results appear as you type. You get stats showing input length, output length, and the exact size change. Copy to clipboard or download as a file. Everything runs in your browser, nothing touches a server.

Security and Privacy

Your data security is our priority

Local Processing

All processing happens in your browser

No Data Transfer

Your data is not sent to our servers

No Data Storage

No data is stored or shared

SSL Encryption

SSL encryption for secure connection

Next Step

Also on MoreOnlineTools