Base64 Encoder & Decoder
Encode and decode Base64 strings online. UTF-8 safe, browser-only — your data never leaves your device.
How to use Base64 Encoder
- 1Pick a mode
Choose Encode (text → base64) or Decode (base64 → text).
- 2Enter input
Type or paste your input. The output updates live.
- 3Copy output
Click Copy to grab the result.
About Base64 Encoder
Base64 is a binary-to-text encoding that uses 64 ASCII characters (A–Z, a–z, 0–9, +, /) to represent any binary data. It is the standard way to embed binary content — images, fonts, signatures, certificates — inside text-only contexts like HTML, JSON, XML, or HTTP headers. The price of this portability is roughly 33% size inflation: every 3 bytes of binary become 4 ASCII characters, plus optional padding.
A critical thing to understand: Base64 is not encryption. It is trivially reversible by anyone with a decoder. If you need to keep something secret, encrypt it first and then Base64-encode the ciphertext if needed for transport. Utilify's encoder handles UTF-8 strings correctly — including accented characters and emoji — by encoding through TextEncoder before the Base64 transformation, so round-trips preserve every byte exactly.
Under the hood the algorithm is simple: the input bytes are taken three at a time (24 bits), split into four 6-bit groups, and each group maps to one character in the 64-character alphabet. When the input length is not a multiple of three, one or two "=" padding characters are appended so the output length stays a multiple of four. That padding is why so many Base64 strings end in "=" or "==".
There are two common alphabets. Standard Base64 uses "+" and "/" for the last two characters; Base64URL replaces them with "-" and "_" and usually drops the padding, because "+", "/", and "=" have special meanings in URLs and filenames. JWTs, for example, are Base64URL-encoded. If a token or string fails to decode here, a mismatch between these two variants — or missing padding — is the usual culprit.
Beyond JWTs and data URIs, Base64 shows up almost everywhere binary data has to survive a text-only channel intact: email attachments (MIME), embedded TLS and SSH keys (PEM files are Base64 wrapped in header lines), inline SVG and font assets in CSS, and binary fields stored in JSON APIs. Knowing how to encode and decode it quickly is a small but constant part of working with the web.
When to use Base64 Encoder
- Data URIs
Embed small images directly into HTML or CSS without separate file requests.
- Basic-auth headers
Build the "Authorization: Basic <base64>" value for HTTP basic authentication.
- Inspecting JWTs
JWT header and payload are Base64URL-encoded — decode them to see the claims.
Examples
Hello, world!
SGVsbG8sIHdvcmxkIQ==
안녕 🌍
7JWI64WVIPCfjI0=
Frequently asked questions
Is this UTF-8 safe?+
Yes. The encoder uses TextEncoder and TextDecoder, so accented characters, non-Latin scripts, and emoji all round-trip correctly without corruption.
What is Base64 used for?+
Base64 lets you embed binary data inside text-only formats — JWTs, data URIs, basic-auth headers, email attachments (MIME), and PEM-encoded keys and certificates.
Is Base64 encryption? Is it secure?+
No. Base64 is encoding, not encryption — anyone can decode it instantly. Never use it to hide secrets. Encrypt sensitive data first, then Base64-encode the ciphertext only if you need it in a text channel.
What is the difference between Base64 and Base64URL?+
Standard Base64 uses "+" and "/" and pads with "="; Base64URL uses "-" and "_" instead and usually omits padding, so the result is safe inside URLs and filenames. JWTs use Base64URL.
Why does my Base64 string end in "=" signs?+
That is padding. When the input length is not a multiple of three bytes, one or two "=" characters are added so the encoded length stays a multiple of four.
Related tools
Format, beautify, and validate JSON online. Free, fast, runs entirely in your browser.
Validate JSON syntax online with clear error messages and line numbers. Free and private.
Decode JWT tokens and inspect header, payload, and signature. Runs locally — your tokens stay private.
From the blog
A JWS (signed JWT) has 3 parts; a JWE (encrypted JWT) has 5. Learn what each JOSE acronym means, when a token is signed vs encrypted, and which you need.
Base64 encode and decode in browser JS, Node.js, Python, and the shell. Why btoa only takes code points 0-255, plus the UTF-8 fix and URL-safe variant for each.