Base64 Encoder / Decoder

encode and decode Base64 strings and files in your browser

By Bikram NathLast updated May 19, 2026

Base64 encoding converts binary or text data into a 64-character ASCII alphabet so it can travel safely through systems that only handle plain text. A common case: pasting a small PNG into CSS as `background-image: url('data:image/png;base64,iVBORw0K...')` avoids an extra HTTP request. Unlike most online converters, this tool supports URL-safe Base64 (replacing `+` and `/` with `-` and `_`) and handles binary file encoding, not just strings.

Try it now — free, instant, no signup

What is Base64 Encoder / Decoder?

Base64 is a binary-to-text encoding scheme that represents arbitrary byte sequences using only 64 printable ASCII characters (A–Z, a–z, 0–9, plus two symbols). Paste any UTF-8 string — say, `{"user":"alice"}` — and it encodes to `eyJ1c2VyIjoiYWxpY2UifQ==`. Paste a binary file and each group of three bytes becomes four Base64 characters, inflating size by roughly 33%.

Developers tend to reach for this when they need a quick encode-decode round-trip without leaving the browser. RapidTables has a Base64 page but only handles text, not binary files. CyberChef handles binary but requires selecting the right recipe from a long list. If you already have a terminal open, `base64` (macOS/Linux) or `certutil -encode` (Windows) does the same job faster; use this tool when you want to paste a file and share the output without touching the command line.

One gotcha that bites people regularly: the browser's native `btoa()` function throws `InvalidCharacterError` on any character outside Latin-1 (codepoint > 255). This means calling `btoa('café')` crashes. The correct approach is to first encode the string to UTF-8 bytes via `TextEncoder`, then Base64-encode the resulting `Uint8Array`. This tool handles that conversion internally, but if you're writing your own code, that two-step pattern is the reliable path.

When to use Base64 Encoder / Decoder

✓Embed a small icon or font file directly into a JSON config payload where binary attachments aren't supported.

→Decode a JWT's payload segment to inspect its claims before wiring up a full JWT library.

⚡Convert a Base64-encoded email attachment back to its original binary file when your mail client strips it.

Frequently Asked Questions

Why does the Base64 output always end with one or two equals signs?

Base64 encodes in groups of three input bytes at a time. When the input length isn't a multiple of three, the last group is padded with zero bits to complete it, and `=` characters mark that padding in the output so a decoder knows how many real bytes were in the final group. One `=` means one padding byte was added; `==` means two. Some systems (JWT, for instance) strip padding entirely and rely on the decoder to infer it from output length. If you paste a padded string into a JWT library and get an error, try removing the trailing `=` signs.

What is URL-safe Base64 and when do I need it?

Standard Base64 uses `+` and `/` as its 62nd and 63rd characters. Both are meaningful in URLs: `+` decodes as a space in query strings and `/` separates path segments. URL-safe Base64 (RFC 4648 §5) swaps them for `-` and `_`, which are URL-unreserved. JWTs, many OAuth tokens, and Google Cloud signed URLs all use URL-safe Base64 without padding. If you paste a standard-Base64 string into a URL and the server returns a 400, switching to URL-safe mode is usually the fix.

Why is my decoded file corrupt after a Base64 round-trip?

The most common cause is a line-break mismatch. Many encoders wrap output at 76 characters (MIME standard) or 64 characters (PEM), but some decoders reject whitespace while others silently accept it. A second cause is encoding a binary file as if it were a UTF-8 string — reading the bytes through a text decoder first scrambles code points above 127. Always treat binary input as raw bytes (`Uint8Array`) when encoding, and make sure the Base64 string you're decoding was generated from the same variant (standard vs. URL-safe) you're decoding with.

Is Base64 a form of encryption or obfuscation?

No. Base64 is purely an encoding scheme with no key and no secret. Anyone who sees the encoded string can decode it instantly with `atob()` in any browser console or the `base64 -d` command on any Unix system. It exists to move binary data through text-only channels, not to protect it. If you're storing tokens, credentials, or personal data in Base64 and treating it as secure, that's a vulnerability. Use AES-GCM or a similarly authenticated cipher if confidentiality is required.

What is the practical file size limit for encoding in the browser?

The V8 string length limit sits around 512 MB on 64-bit systems, and the Base64 output of a file is roughly 1.37× its input size, so the encoding step itself can handle files up to roughly 370 MB before the output string approaches that ceiling. In practice, browser memory is the real constraint: loading a 200 MB file into a `<input type=file>`, reading it as an ArrayBuffer, encoding it, and holding both representations in memory simultaneously can easily consume 600–800 MB of RAM. For files above ~50 MB, the command-line `base64` utility or Python's `base64` module is more appropriate.

Related Tools

Encoding

URL Encoder / Decoder

encode and decode URL percent-encoding for query strings and paths

Encoding

HTML Entity Encoder

encode and decode HTML entities for safe HTML embedding

Encoding

JWT Decoder

decode JWT tokens and inspect header, payload, and claims

Encoding

Hash Generator

generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text