Cipher Decipher

Encoding & Decoding

Base64 Encode / Decode

Encode text to Base64 or decode Base64 payloads with UTF-8-safe handling.

Share this tool

Cipher DecipherCipher Decipher
Plain text Tool

Introduction

Working with JSON Web Tokens (JWT), data URLs, or HTTP Basic Authentication? Base64 is the undisputed standard for safely transporting binary or non-ASCII data across text-based protocols. Without proper byte-handling, encoding emojis or special characters can result in corrupted mojibake. Paste your string below to instantly encode or decode UTF-8 safe Base64 strings. All processing occurs securely in your browser's memory without sending data to external servers.

What this tool does

  • Encodes Unicode and UTF-8 text into a Base64 ASCII string using browser-native APIs.
  • Decodes Base64 payloads back into readable text via `TextDecoder` to prevent character corruption.
  • Automatically strips whitespace and newlines, allowing you to paste wrapped blocks like PEM files.
  • Surfaces clear, bracketed validation errors when encountering invalid alphabets or malformed padding.
  • Executes entirely on the client-side for zero latency and absolute privacy.

How this tool works

When encoding, the tool first parses your input using `TextEncoder` to generate a clean UTF-8 byte array. It translates each byte into a binary string chunk, passing it to the browser's native `btoa` (Binary to ASCII) function. This generates the familiar pattern of uppercase and lowercase letters, numbers, plus (`+`), and slash (`/`), appending equals signs (`=`) for padding.

When decoding, the tool aggressively strips whitespace or newlines—allowing you to safely paste block-formatted strings like PEM certificates or wrapped email headers. It then uses `atob` and reconstructs the data via `TextDecoder` using strict UTF-8 semantics.

This methodology prevents the classic "Latin-1" corruption errors common in naive Base64 scripts. Because the entire operation runs client-side in JavaScript, your JWT payloads or authorization headers are never logged to a remote server.

How the cipher or encoding works

Base64 is an encoding scheme formally defined by the IETF in RFC 4648. Its purpose is to represent arbitrary binary data using only 64 safe, printable ASCII characters.

The algorithm operates by taking 24-bit chunks of input (three 8-bit bytes) and dividing them into four 6-bit units. Since $2^6 = 64$, each of these 6-bit units can be mapped perfectly to the 64-character alphabet (`A-Z`, `a-z`, `0-9`, `+`, and `/`).

If the input data is not perfectly divisible by 24 bits, the algorithm pads the remaining bits with zeros and adds one or two `=` characters to the end of the output string. This signals to the decoder exactly how much padding was applied. Base64 expands the size of the original data by exactly 33%. As a pure encoding format, it offers zero cryptographic security.

How to use this tool

  1. Select Encode if converting raw UTF-8 text into a Base64 string, or Decode if reversing a payload back to readable text.
  2. Paste your target string into the primary input box. The tool automatically removes line breaks from copied text like PEM files or email attachments.
  3. View the live result in the output panel. If the payload lacks proper padding or contains an invalid alphabet, the tool will throw a bracketed validation error.
  4. Click the Copy button to grab the exact output for your HTTP headers, CSS files, or debugger.

Real-world examples

Debugging JWT Claims

A security engineer intercepts an Authorization header containing a JSON Web Token (JWT). They copy the middle segment (the payload) and paste it into the decoder. The tool instantly reveals the JSON object containing the user claims, allowing the engineer to inspect the roles array without trusting a third-party token debugger.

Inline CSS Image Embedding

A frontend developer wants to reduce HTTP requests by embedding a small SVG icon directly into their CSS. They paste the raw XML code into the encoder, generating a Base64 string. They then format it as `url(data:image/svg+xml;base64,...)` within their stylesheet for instant rendering.

Configuring HTTP Basic Auth

An administrator configuring a legacy API needs to generate an HTTP Basic Auth header. They input `admin:supersecret` into the encoder, which yields `YWRtaW46c3VwZXJzZWNyZXQ=`. They append this to their `Authorization: Basic` header to authenticate successfully via curl.

Comparison with similar methods

MethodComplexityTypical use
Base64MediumText-safe transport of binary data (JWTs, data URLs)
Base62MediumURL shorteners, alphanumeric identifiers
Hexadecimal (Base16)LowCryptographic hashes, simple byte representation

Limitations or considerations

Base64 encoding increases the original payload size by exactly 33%. For massive files, this overhead can significantly impact bandwidth and memory usage. Additionally, Base64 is strictly an encoding format, not encryption. Anyone who intercepts the string can decode it instantly without a key.

Frequently asked questions

Conclusion

Base64 remains the backbone of data transport on the modern web, essential for APIs, data URLs, and email protocols. Use the tool above to safely manipulate your payloads, or explore our Base62 encoder for strict URL-safe identifier generation.

Embed Base64 Encode / Decode
Customize and generate embed code for your website or application