Base64 encoder / decoder

✨ Pro Tips for Best Results

• Character Limit: Base64 increases file size by ~33%. If you're sending large images, consider a direct binary transfer instead.
• URL Safety: If you're putting Base64 in a URL, remember to swap + with - and / with _.
• Secret Leakage: Never use Base64 to "hide" passwords. It is not encryption and can be decoded by anyone in seconds.

Base64 vs. Encryption: Why the confusion?

Many beginners mistake encoding (Base64) for encryption (AES). Encoding is a way to change data format so it can be safely transmitted over different systems. Encryption is a way to secure data so only authorized parties can read it. Base64 has no "key"—it's a public standard that anyone can reverse.

How Base64 encoding works

Base64 is a binary-to-text encoding scheme that represents binary data using only 64 ASCII-safe characters (A–Z, a–z, 0–9, +, /). It was designed to safely transmit binary data over channels that only support text — like email (MIME), URLs, and HTTP headers. Every 3 bytes of binary data become 4 Base64 characters, which is why Base64-encoded data is approximately 33% larger than the original.

This tool uses the browser's native btoa() (binary-to-ASCII) for encoding and atob() (ASCII-to-binary) for decoding, with UTF-8 support added via TextEncoder for non-ASCII characters. URL-safe Base64 replaces + with - and / with _ to avoid conflicts with URL syntax — useful for JWTs and query parameters. Base64 is not encryption: it is trivially reversible and provides no security. Any Base64 string can be decoded instantly. Do not use it to hide sensitive data.

⚠️ Common Mistakes to Avoid

• Using Base64 for encryption: Base64 is an encoding scheme, not a security measure, and can be easily reversed.
• Ignoring padding: Failing to include the '=' padding characters can lead to decoding errors in some systems.
• Encoding sensitive data: Never send unencrypted sensitive information via Base64 in public URLs.