Base64 Encode / Decode

Encode plain text or binary data to Base64, or decode Base64 strings back to readable text. Supports URL-safe Base64 and file encoding. All processing is 100% client-side — your data never touches a server.

Mode
URL-safe Base64
Line breaks (76 chars)
Input · Plain Text
Size: 0 B Chars: 0
Output · Base64
Size: 0 B Ratio:
❤️ Support CodeConverter.net and donate ❤️

Everything you need to know about Base64

What is Base64 encoding?

Base64 is a binary-to-text encoding scheme that represents binary data using only 64 printable ASCII characters: A–Z, a–z, 0–9, +, and / (plus = for padding). It was designed to safely transport binary data — such as images, certificates, or files — through text-only channels like email (MIME), JSON payloads, or HTML attributes that cannot handle raw binary bytes.

Every 3 bytes of input are encoded as 4 Base64 characters, which means Base64 output is always approximately 33% larger than the original. Decoding reverses the process exactly, recovering the original bytes without loss. Base64 is not encryption — it provides no confidentiality and can be trivially decoded by anyone. It is purely an encoding mechanism for binary-safe text transport.

Common encode use cases
  • Embedding images in CSS (data: URIs) or HTML
  • Attaching binary files in JSON API payloads
  • HTTP Basic Authentication headers (user:pass)
  • Encoding SSH keys, certificates, or tokens for storage
Common decode use cases
  • Reading JWT payload claims (the middle segment)
  • Extracting files attached in email MIME parts
  • Inspecting Base64 environment variables or secrets
  • Debugging API responses with embedded Base64 data
How to use this tool
  • Choose Encode or Decode mode
  • Paste text, or use Upload File for binary encoding
  • Toggle URL-safe mode or MIME line breaks as needed
  • Copy the result or download as a .txt file
100% private & client-side
  • All encoding/decoding uses native browser APIs
  • Safe for API keys, tokens, certificates, and secrets
  • No data transmitted to any server at any point
  • Works offline after initial page load
Standard vs. URL-safe Base64
  • Standard uses + and / — unsafe in URLs & filenames
  • URL-safe replaces +- and /_
  • JWTs, OAuth tokens, and signed URLs use URL-safe Base64
  • Both variants are decodable — choose to match your target system
Base64 is not encryption
  • Base64 is an encoding, not a security mechanism
  • Anyone can decode a Base64 string in seconds
  • For sensitive data, use AES or another real encryption scheme
  • Do not mistake obfuscation with security

Base64 in JWTs — a practical example

JSON Web Tokens (JWTs) are a perfect real-world example of Base64 in action. A JWT consists of three dot-separated segments: a header, a payload, and a signature — each encoded as URL-safe Base64 (without padding). To inspect the claims in a JWT without verifying its signature, you can take the middle segment (between the two dots), paste it here in Decode mode with URL-safe enabled, and read the JSON payload directly.

Note that the signature is the part that proves a JWT hasn't been tampered with — it is computed using a secret key that only the issuing server knows. Decoding the header and payload is public by design; they are meant to be readable. The security comes from the signature, not from any obscurity in the encoding.