What is Base64 encoding?

Base64 is a binary-to-text encoding scheme that represents binary data using 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It is used to safely transmit binary data over text-based systems like email and HTTP headers.

Is Base64 encryption?

No. Base64 is encoding, not encryption. It is fully reversible without any key. Anyone can decode Base64. Do not use it to protect sensitive data — use proper encryption like AES-256 for that purpose.

What is URL-safe Base64?

URL-safe Base64 (RFC 4648 §5) replaces + with - and / with _ so the encoded string can be used in URLs and filenames without percent-encoding. Padding (=) is also typically omitted.

Base64 Encoder & Decoder — Free Online Tool

File to Base64 Converter

Upload any file — image, PDF, font, audio — and instantly get its Base64-encoded data URI. Max 5 MB. Everything stays in your browser.

Click or drag a file here

Images, PDFs, fonts, audio — up to 5 MB

Base64 Data URI

Batch Encoder / Decoder

Process multiple values at once — one value per line. Each line is encoded or decoded independently.

Input (one value per line)

Output

How to Use This Tool

Everything you can do with this Base64 encoder and decoder in one place.

1

Encode Text

Select Encode mode, paste or type any plain text — including Unicode and emojis — into the input panel. Output updates in real time.

2

Decode Base64

Switch to Decode mode, paste your Base64 string. Invalid characters are caught immediately with a clear error message showing exactly what went wrong.

3

Use URL-Safe Mode

Check URL-safe to replace +→- and /→_. Use this for JWT tokens, URL parameters, and filenames that cannot contain those characters.

4

Encode Files

Upload any file up to 5 MB in the File to Base64 section. Images preview inline; all files produce a complete data URI you can copy or download.

5

Batch Process

Need to encode or decode many values? Use the Batch section — one value per line. Lines with errors show inline error labels without stopping other lines.

6

Swap & Download

Click Swap to push output back to input and flip the mode — useful for verifying a round-trip. Download the result as a .txt file anytime.

Everything Packed In

No installs, no accounts, no data leaving your device.

🔤

Full Unicode Support

Encodes any Unicode character — including emoji, CJK, Arabic, and RTL scripts — using UTF-8 byte encoding before Base64.

🔗

URL-Safe Base64

RFC 4648 §5 compliant — replaces +/ with -_ and strips padding. Required for JWTs, OAuth tokens, and URL parameters.

🖼️

File Encoder

Encode any file to a data URI. Images preview inline. Copy the raw Base64 or the full data:mime;base64,… string.

📋

Batch Processing

Encode or decode multiple values at once — one per line. Each line processed independently; errors don't break other lines.

🔁

Swap Mode

One click swaps input/output and flips encode/decode mode — perfect for verifying round-trip correctness.

📊

Size Stats

Live stats show input/output byte size and the size ratio — Base64 adds ~33% overhead, confirmed visually.

🔒

100% Private

All processing happens in your browser via native JavaScript APIs. Your data is never sent to any server.

💾

Download Output

Download encoded or decoded results as a .txt file with one click. No clipboard size limits.

Base64 Quick Reference

The key facts developers need to know about Base64.

Character Set (standard)

A–Z (26) a–z (26) 0–9 (10) + (1) / (1) = padding ───────────── Total: 64 chars

URL-safe differences

Standard → URL-safe + → - / → _ = → (omitted) Use for: JWT, OAuth tokens, URLs, filenames, cookies

Size overhead

Every 3 bytes → 4 chars Overhead: ~33.3% 10 KB plain text → ~13.3 KB Base64 Images in HTML are ~33% heavier as data URIs

JavaScript (browser)

// Encode ASCII btoa("hello") // → "aGVsbG8=" // Decode atob("aGVsbG8=") // → "hello" // Unicode needs escaping btoa(unescape( encodeURIComponent(str)))

Python

import base64 # Encode base64.b64encode( b"Hello") # → b"SGVsbG8=" # Decode base64.b64decode( "SGVsbG8=") # → b"Hello" # URL-safe base64.urlsafe_b64encode(...)

Common uses

✓ HTTP Basic Auth headers ✓ Data URIs (images/fonts) ✓ JWT token encoding ✓ Email attachment (MIME) ✓ Binary data in JSON/XML ✓ Cryptographic key storage ✗ NOT for security/passwords

Frequently Asked Questions

Everything you need to know about Base64 encoding and this tool.

Base64 is a binary-to-text encoding scheme that converts arbitrary binary data into a string of 64 printable ASCII characters. It exists because many text-based protocols — such as email (SMTP/MIME), HTTP headers, HTML attributes, and JSON — were designed for text only and cannot reliably transmit arbitrary binary bytes. Base64 bridges the gap, allowing binary data like images, certificates, and files to travel over these text channels without corruption.

No. Base64 is encoding, not encryption. It is completely reversible by anyone — no key or password is needed to decode it. It provides zero security or confidentiality. Never use Base64 as a way to "hide" or "protect" sensitive data like passwords, tokens, or personal information. For actual security, use proper encryption algorithms such as AES-256, RSA, or bcrypt (for passwords).

Standard Base64 uses + and / characters, which have special meanings in URLs (+ means space in query strings; / separates URL path segments). URL-safe Base64 (defined in RFC 4648 §5) replaces + with - and / with _, making the output safe in URLs, filenames, cookies, and HTTP headers without percent-encoding. Padding (=) is typically omitted too. Use URL-safe for JWTs, OAuth tokens, and any Base64 value that will appear in a URL.

Base64 increases the encoded size by approximately 33%. The math: every 3 bytes of input becomes 4 Base64 characters (each character representing 6 bits). So a 100 KB image becomes roughly 133 KB in Base64. When embedding images as data URIs in HTML or CSS, this overhead is a real cost — weigh it against the HTTP request saved. For large assets, a separate file request is typically more efficient.

Base64 processes input in 3-byte (24-bit) groups and outputs 4-character groups. When the input length is not a multiple of 3, padding characters (=) are added to make the output length a multiple of 4. One = means 1 byte was added; two == means 2 bytes were padded. URL-safe Base64 often strips padding since the decoder can calculate the original length from the character count alone.

Yes. Use the File to Base64 section on this page. Upload any image file (JPEG, PNG, GIF, SVG, WebP) up to 5 MB. The tool generates a complete data:image/...;base64,... data URI that you can paste directly into an HTML img tag's src attribute, a CSS background-image, or a <img src="..."> element. Images also preview inline so you can verify the encoding before copying.

The native browser function btoa() only accepts "Latin1" characters (code points 0–255). Unicode characters like emoji (🌍) or CJK characters have code points above 255, causing a DOMException: Failed to execute 'btoa' error. The solution is to first encode the string as UTF-8 bytes: btoa(unescape(encodeURIComponent(str))). This tool handles that automatically so you never need to worry about it.

No. All encoding and decoding happens entirely in your browser using native JavaScript APIs (btoa, atob, FileReader, TextEncoder). Your text, files, and Base64 strings are never sent to any server, never stored, and never logged. This makes the tool safe for sensitive payloads like API keys, tokens, and internal data.

A data URI embeds a file's full contents directly in a URL string. The format is data:[mime type];base64,[Base64 data]. For example: data:image/png;base64,iVBORw0KGgo…. Data URIs let you embed images, fonts, and small files directly into HTML, CSS, or JSON without a separate HTTP request. They're useful for email templates, single-file web pages, and small icons — but for larger files, separate requests are usually more performant.

JSON Web Tokens (JWTs) consist of three URL-safe Base64-encoded parts separated by dots: header.payload.signature. The header and payload are JSON objects encoded with URL-safe Base64 (no padding). The signature is computed over the header and payload using HMAC or RSA. Since the encoding is URL-safe, JWTs can be placed directly in HTTP headers, URL parameters, and cookies. Critically, the payload is only encoded — not encrypted — so anyone can read it by decoding it. Use JWE if the payload needs to be private.

Related Tools

View all →

Base64 Encoder & Decoder