Generators & Utilities

Base64 Encoder / Decoder

Encode any text to Base64 or paste Base64 to decode it back, with both fields updating live. The tool is UTF-8 safe, so emoji and accented characters survive the round trip intact, and a toggle switches to the URL-safe variant for use in links and filenames. Everything runs in your browser, so even sensitive data is never uploaded.

UTF-8 safe (handles emoji and accents via TextEncoder/TextDecoder). Runs entirely in your browser — nothing is uploaded.

What Base64 is for

Base64 is an encoding that represents binary or text data using only 64 safe ASCII characters — A–Z, a–z, 0–9, plus two symbols. Its job is not to hide or compress data but to let arbitrary bytes travel safely through systems that were designed for plain text: email attachments, JSON payloads, data URIs that embed images directly in HTML or CSS, HTTP headers, and API tokens. Whenever you have seen a long string of seemingly random letters and equals signs, it was probably Base64.

How the encoding works

Base64 takes three bytes (24 bits) at a time and splits them into four groups of six bits, mapping each group to one of the 64 characters. Because six bits have 64 possible values, the mapping is exact and reversible. When the input length is not a multiple of three, the output is padded with one or two = signs so decoders know how many bytes to expect. The side effect is that Base64 output is always about 33% larger than the original — a fair trade for guaranteed safe transport.

Why UTF-8 handling matters

Naive Base64 tools break on anything beyond plain ASCII, turning an emoji or an accented name into garbled characters. This tool first converts your text to UTF-8 bytes with the browser's TextEncoder, encodes those bytes, and reverses the process with TextDecoder on the way back. That means “Café”, “naïve”, Cyrillic, Chinese, and emoji all encode and decode perfectly — a common failure point elsewhere that this tool handles correctly.

The URL-safe variant

Standard Base64 uses + and /, but both have special meaning in URLs and file paths, so pasting standard Base64 into a link can corrupt it. The URL-safe toggle swaps those for - and _ and drops the trailing padding, producing a string you can safely use in a query parameter, a JWT, or a filename. Decode works with either variant, so you can paste whatever you were given.

Privacy and security

All encoding and decoding happens in your browser. Nothing you type is sent to a server, saved, or logged, so it is safe to decode a token or encode private data here. Remember, though, that Base64 is encoding, not encryption — anyone can decode it. Never treat Base64 as a way to protect secrets; use it only to move data through text-only channels.

FAQ

Does this handle emoji and accented characters?

Yes. It converts text to UTF-8 bytes with TextEncoder before encoding and reverses it with TextDecoder, so emoji, accents, and non-Latin scripts round-trip correctly where many tools fail.

Is Base64 a form of encryption?

No. Base64 is reversible encoding, not encryption. Anyone can decode it instantly, so never use it to protect passwords or secrets. It only makes data safe to transport through text channels.

What is the URL-safe variant?

It replaces the + and / characters with - and _ and removes padding, so the result can be used safely in URLs, query parameters, and filenames without being corrupted.

Why is the encoded text longer than the original?

Base64 expands data by about 33% because it represents every three bytes as four characters. That overhead is the cost of using only safe ASCII characters.

Is my data sent anywhere?

No. Encoding and decoding run entirely in your browser. Nothing is uploaded, stored, or logged, so it is safe to decode tokens or encode private text.

More free tools