Base64 Encoder & Decoder
Need to decode a Base64 string from an API response, or encode text for a data URI? Paste it below — encoding and decoding happen live as you type, with proper UTF-8 handling so accented characters and emoji survive the round trip.
13 chars in → 20 chars out
Base64 maps every 3 bytes to 4 characters (A–Z, a–z, 0–9, +, /), so output runs ~33% larger than the input. It's encoding, not encryption — anyone can reverse it. This tool is UTF-8 safe: “café” round-trips as Y2Fmw6k= instead of garbling the é.
What Base64 Actually Does
Base64 is an encoding, not encryption— a public, keyless, reversible mapping that anyone can undo, so never use it to hide secrets. Its job is to make arbitrary bytes safe for text-only channels: every 3 bytes become 4 characters drawn from a 64-symbol alphabet, which is why output runs about 33% larger than the input. “Man” (3 bytes) becomes TWFu, and “Hello, World!” becomes SGVsbG8sIFdvcmxkIQ== — the = signs are padding to a multiple of 4. Multi-byte UTF-8 is the classic pitfall: “café” encodes to Y2Fmw6k=, and decoders that skip the byte step show “café” instead.
Quick reference
"Man" → TWFu (3 bytes → 4 chars) "Hello, World!" → SGVsbG8sIFdvcmxkIQ== "café" → Y2Fmw6k= (é = 2 bytes in UTF-8) Standard alphabet A–Z a–z 0–9 + / padding = URL-safe (RFC 4648 §5) + → - / → _ padding dropped Size: ceil(bytes ÷ 3) × 4 chars ≈ +33%
Frequently Asked Questions
Why does my decoded base64 show garbled UTF-8 characters?
JavaScript's atob() returns one character per byte (Latin-1), so multi-byte UTF-8 sequences split into mojibake — "café" encodes to Y2Fmw6k=, and a naive atob() decode shows "café". The fix is to treat the atob() output as raw bytes and run them through TextDecoder (and TextEncoder before btoa() when encoding), which is exactly what this tool does.
Is base64 a form of encryption?
No — base64 is an encoding, not encryption. It's a reversible public mapping with no key; anyone can decode it instantly. Its job is to make binary data safe to ship through text-only channels (JSON, email, URLs). Never use it to hide passwords or secrets — use real encryption like AES, or hashing for passwords.
Why is base64 output about 33% larger than the input?
Base64 packs only 6 bits of data into each output character (64 symbols = 2^6), so every 3 input bytes become 4 output characters — a 4/3 ≈ 33% size overhead. "Man" (3 bytes) becomes the 4 characters TWFu. Inputs that aren't a multiple of 3 bytes are padded with = signs to keep the 4-character grouping.
What is URL-safe base64 and where is it used?
Standard base64 uses + and /, which collide with URL syntax (+ means space, / separates paths). The URL-safe alphabet from RFC 4648 §5 swaps + for - and / for _, and usually drops the = padding. JSON Web Tokens (JWTs) use it for all three dot-separated segments, which is why a JWT never contains + or /.