Skip to main content

Base64 Encoder & Decoder

Encode or decode Base64 — text, files, and Data URLs. Runs entirely in your browser.

  • Runs locally
  • Category Encoding & Crypto
  • Best for Checking file type, size, metadata, and obvious mismatch signals before sharing.
Input
Output

Examples

Edge cases handled

  • Whitespace and line breaks are ignored when decoding pasted Base64.
  • Text encode preserves leading spaces, trailing spaces, and blank lines exactly.
  • data:*;base64, prefixes are stripped before text decode.
  • Decode auto-detects base64url (- and _) in either mode; the URL-safe toggle controls the encode alphabet.
  • Unpadded strings are auto-padded when their length can be repaired.
  • Base64 is reversible encoding, not encryption.

What this tool does

A clean, privacy-first Base64 tool. Paste text or drop a file to encode it, or paste a Base64 string to decode it back. Handles UTF-8 correctly (Chinese, emoji, anything Unicode), supports URL-safe mode, and can wrap output in a Data URL prefix for use in CSS or HTML. Text encoding preserves exact leading spaces, trailing spaces, and blank lines. Decode mode also accepts wrapped Base64 with line breaks, data:*;base64, prefixes, repairable missing padding, and auto-detects base64url (- and _) without flipping any toggle. Your data never leaves the browser.

Tool details

Input
Files + Text + Numbers
The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output
Live result + Copy + Download
The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy
Browser-side processing
The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share
Shareable URL state
Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget
Initial JS <= 20 KB
No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit
Encoding & Crypto · Developer
Category and role tags drive related tools, internal links, and quick fit checks.

How to use

  1. 1. Input

    Paste or drop your content into the tool panel.

  2. 2. Process

    Click the button. All processing is local in your browser.

  3. 3. Copy / Download

    Copy the result or download to disk in one click.

How Base64 Encoder & Decoder fits into your work

Use it before upload, handoff, archive, support review, or any moment where a file needs one local check before it leaves your machine.

File jobs

  • Checking file type, size, metadata, and obvious mismatch signals before sharing.
  • Preparing mixed folders for upload, archive, intake, or review.
  • Keeping sensitive files in the browser instead of sending them to an account-based service.

File checks

  • Do not treat the extension alone as proof of the real file type.
  • Review metadata before a file goes to customers, vendors, or a public page.
  • Keep the original file until the copied, converted, or exported result is verified.

Good next steps

These links move the current task into a more complete workflow.

  1. 1 Base64URL Encoder Decoder for JWT-Safe Strings Encode and decode URL-safe Base64 strings for JWT headers, payloads, tokens, and URL parameters without padding surprises. Open
  2. 2 Base64 to Hex Converter Base64 ⇄ hexadecimal at the byte level, no text encoding in between — standard or URL-safe, your separator and case, runs in your browser Open
  3. 3 File to Base64 Converter Upload a small file and convert it to raw Base64 or a data URL locally for embeds, fixtures, and tests. Open

Real-world use cases

  • Embed a small SVG icon directly in CSS without an extra HTTP request

    You have a 1.2 KB SVG arrow used in a button hover state. Instead of a separate file, drop the SVG here, toggle Data URL on, and paste the resulting "data:image/svg+xml;base64,..." straight into background-image. One fewer round-trip, no 404 risk when the asset path changes, and it ships inline with your stylesheet.

  • Decode a JWT payload to check what claims a token actually carries

    An auth bug has you staring at a 200-char token. Split it on the dots, paste the middle segment, switch to URL-safe decode, and you get readable JSON like {"sub":"42","exp":1735689600}. You can confirm the exp is in the past or the role claim is missing in about 10 seconds, no jwt.io round-trip needed.

  • Encode credentials for a quick curl Basic Auth header

    You need to hit an internal API that wants Authorization: Basic. Type "admin:s3cret", encode it, and you get "YWRtaW46czNjcmV0". Paste that after "Basic " in your curl command. Because everything stays local, the password never touches a logging proxy or a third-party server.

  • Inspect a Base64 blob pasted from a YAML or JSON config

    A Kubernetes Secret shows data as "cGFzc3dvcmQxMjM=" and you want to know the real value before redeploying. Paste it, decode, and you read "password123" instantly. The UTF-8 handling means a Chinese or emoji value in that secret round-trips correctly instead of turning into garbage bytes.

Common pitfalls

  • Expecting the URL-safe toggle to change how decoding works. Decode auto-detects both alphabets, so "aGVsbG8td29ybGQ_" decodes with the toggle off; the toggle only controls whether *encode* output uses - and _ instead of + and /.

  • Assuming Base64 is encryption. It is not — "YWRtaW46czNjcmV0" decodes back to "admin:s3cret" by anyone. For real secrecy use the AES text encryptor; Base64 only makes binary safe to transport.

  • Forgetting the Data URL MIME type. Encoding text and hardcoding "data:image/png;base64," will make browsers refuse it; let the tool set the prefix from the actual file type.

Privacy

Everything runs in your browser using native btoa/atob and the TextEncoder/TextDecoder APIs — no network request is made when you encode or decode, and files you drop in are read locally via FileReader. Your input is not uploaded, logged, or sent anywhere. Text mode keeps the input in the page URL so the share-link button can reopen the same conversion; do not share that link if the payload is a password, token, secret, or private config. File mode is not URL-backed, so dropped file bytes remain local to the tab.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Made by Toolora · 100% client-side · Updated 2026-07-02