No Sign-Up · Instant · Free

Base64 Encoder & Decoder

Encode text or files to Base64, or decode Base64 strings back to plain text. Supports URL-safe Base64 and MIME line-wrapping.

Mode:
Plain Text Input
Ready
Base64 Output
Awaiting input

Why Binary Data Needs Text-Safe Encoding

Every developer hits this wall eventually: you have binary bytes — a file, an image, an encryption key — and you need to put them somewhere that only accepts text. Email protocols, XML documents, JSON fields, and HTTP headers all carry text, not raw binary. Shove unencoded bytes through a text-only channel and the data gets mangled by character-set conversions, line-ending normalisations, or null-byte stripping.

Base64 solves this by mapping every 3 bytes into exactly 4 printable ASCII characters. The 64 characters it uses — A–Z, a–z, 0–9, +, / — are safe in virtually every text context. The tradeoff is a 33% size increase, which is acceptable for the interoperability you gain.

The Alphabet That Makes Base64 Work

The encoding takes each 3-byte (24-bit) chunk and splits it into four 6-bit groups. With 6 bits you can represent values 0–63, and there are exactly 64 characters in the Base64 alphabet, hence the name. When the input isn't divisible by 3, padding characters (= or ==) fill the gap so the output length is always a multiple of 4.

URLs present a secondary problem: standard Base64 includes + and /, which are reserved in query strings. URL-safe Base64 (Base64url, used in JWT tokens and OAuth flows) substitutes - for + and _ for /. Enable the URL-safe toggle here before generating any token that will live inside a URL. For percent-encoding entire URLs rather than tokens within them, the URL Encoder is the right companion.

MIME Line Wrapping — When You Need It

RFC 2045 (the MIME standard) specifies that Base64-encoded data in email bodies must wrap at 76 characters per line. Old SMTP servers and some mail libraries still enforce this and will reject or corrupt single-line Base64. If you're building an email client, generating PEM certificate files, or writing MIME-compliant attachments, enable Line Wrap in this tool to produce RFC 2045-compatible output. For every other use case — data URIs, JWT, API payloads — leave it off.

Practical Scenarios Where This Tool Helps

  • Decoding a JWT payload: JWT tokens are three Base64url-encoded segments joined by dots. Grab the middle segment (the payload), paste it here in Decode mode, then pipe the result into the JSON Formatter to read the claims clearly.
  • Inlining small images in CSS: Data URIs embed images directly in stylesheets, eliminating an HTTP request. Encode your PNG or SVG here, prefix with data:image/png;base64,, and paste into your CSS background-image property.
  • Inspecting HTTP Basic Auth headers: When debugging authentication issues, the Authorization header carries credentials as Basic <base64>. Decode the Base64 portion here to see the username:password in plain text.
  • Building API integrations with binary fields: REST APIs that accept file uploads via JSON encode the file bytes as Base64. Encode any file here and paste the output into the JSON payload. Inspect the full request structure with the JSON Formatter.
  • Reading PEM certificate files: TLS certificates, private keys, and CSRs are Base64-encoded DER data wrapped between -----BEGIN----- markers. Decode the block here to inspect the raw bytes.
  • Generating URL-safe session tokens: Cryptographically random bytes encoded with URL-safe Base64 make excellent session identifiers. They're unpredictable and safe to include in cookies or URL parameters without escaping.

File Encoding in the Browser

Switch to the File Encode tab to drag and drop any file — PDF, image, binary, anything. The tool uses the FileReader API in ArrayBuffer mode to read raw bytes, then encodes them without passing through any string representation that might introduce character encoding issues. The encoded output is ready to embed in HTML data URIs, JSON payloads, or anywhere else that accepts Base64 text. The entire process is local to your browser.

Privacy Guarantee

This tool is entirely client-side. The browser's native btoa() and atob() functions handle encoding and decoding without touching any server. Private keys, database credentials, JWT secrets, or any other sensitive data you paste here stays on your device. ToollyX never sees it.

Verified by ToollyX Team · Last updated June 2026

Frequently Asked Questions

Related Tools

URL Encoder/DecoderEncode and decode URL percent-encoding.Use tool HTML Encoder/DecoderEncode and decode HTML entities.Use tool JSON FormatterFormat, validate and minify JSON with syntax highlighting.Use tool Hash GeneratorGenerate MD5, SHA-1, SHA-256 and SHA-512 hashes.Use tool

Disclaimer: All Base64 encoding and decoding uses the browser's built-in JavaScript APIs. No data is ever sent to a server.