Base64 Encoder / Base64 Decoder Online

0 chars
0 chars

Do you need to convert readable text to Base64 format for use in HTTP headers, or conversely, decipher the content of an API token? Our Base64 Text Encoder & Decoder is a specialized tool for working with text strings that can handle intricacies like diacritics or special characters.

Working with images?
If your code starts with data:image/png... or you want to convert a file to text, this tool will only show you gibberish. Please use our specialized tool for image conversion.

How does the Base64 format work?

Many people use Base64 daily, but few know how it works “under the hood.” It’s not magic, but simple bitwise mathematics.

Regular text in a computer is stored in 8-bit units (1 byte). Base64, however, uses an “alphabet” of 64 characters (A-Z, a-z, 0-9, +, /). Since 2^6 = 64, one Base64 character represents exactly 6 bits of information.

Conversion Process (Algorithm):

  1. Take three characters of your text (3 × 8 bits = 24 bits).
  2. These 24 bits are divided into four groups of 6 bits.
  3. Each group is assigned a character from the Base64 table.

Consequence: Because we convert 3 characters into 4 characters, the resulting Base64 string is always approximately 33% longer than the original text.

Character Set Problem: Why do common Base64 converters corrupt Czech text?

If you’ve ever tried to encode the word “Kůň” in a browser console using the btoa('Kůň') function, you probably got an error: String contains characters outside of the Latin1 range.

Base64 was originally designed for 7-bit ASCII characters. However, Czech, emojis, and other special symbols (UTF-8) occupy more bytes in memory (multibyte characters).

  • Letter a = 1 byte.
  • Letter ř = 2 bytes.
  • Emoji 🚀 = 4 bytes.

Our tool solves this problem. Before encoding to Base64, we correctly convert the text into a sequence of UTF-8 bytes. This allows you to safely encode JSON objects, Czech texts, and modern symbols without the risk of data corruption.

Where is Base64 text encoding used?

While Base64 images are mainly used for embedding in CSS/HTML, text-based Base64 has entirely different applications in backend systems:

1. HTTP Basic Authentication

When you log in to an API, the header often looks like this: Authorization: Basic dXppdmF0ZWw6aGVzbG8= Behind this code is simply a combined username and password in the format username:password. Our tool allows you to easily generate or check these headers.

2. JSON Web Tokens (JWT)

Modern web applications use what are called JWTs for authentication. Such a token looks like three long strings separated by dots. The data part (Payload) is a plain JSON object encoded in Base64.

  • Tip: Try pasting the middle part of your JWT token here and decoding it. You will see exactly what data the application stores about you (e.g., user ID, expiration).

3. Configuration Files (Kubernetes Secrets)

Platforms like Kubernetes store secrets in YAML configuration files using Base64. This is not encryption, but a way to store binary data or text with problematic characters (newlines, quotes) in a text file.

What is “URL Safe Base64 encoding” and why does it matter?

The standard Base64 alphabet contains the characters + (plus) and / (slash). Both of these characters have special meanings in URLs:

  • / separates directories.
  • + is often interpreted as a space.

If you were to send standard Base64 in a URL parameter (e.g., site.com?token=ab/cd+ef), the server might misinterpret the data.

Solution (URL Safe mode): Our toggle activates the Base64URL variant (according to RFC 4648), which performs these changes:

  • + changes to - (hyphen).
  • / changes to _ (underscore).
  • At the end, = characters (padding) are removed, as they are not needed in URLs.

Myth: Base64 is not encryption!

It is important to understand a fundamental difference that beginners often confuse:

  1. Encoding (Base64): Used for data transmission. It’s like packing an item in a suitcase so it doesn’t break during transit. Anyone who finds the suitcase can open it (decode) and see the contents. It is not secure for sensitive data.
  2. Encryption (AES, RSA): Locks data with a key. Without the key, you cannot access the content.
  3. Hashing (SHA, MD5): A one-way process (e.g., for storing passwords). The original text cannot be retrieved from the result.

If you need to send a password or sensitive information, Base64 alone is not enough. You must use HTTPS (SSL/TLS) to encrypt the transmission.

Frequently Asked Questions (FAQ)

What do the "=" characters at the end of the string mean? This is called "padding." Because Base64 encodes data in groups of 3 characters, the length of the original text may not be divisible by three. The `=` characters are added to the end so the decoder knows how many bits to ignore at the end.
Why does the decoded text appear as "gibberish"? You are likely trying to decode data that is not text. If a Base64 string represents a compressed file (ZIP), an image, or encrypted data, converting it to text (UTF-8) does not make sense. Try to determine the origin of the data.
Does the tool work offline? Yes. All conversion logic is written in JavaScript and runs directly in your browser. Once the page loads, you can disconnect from the internet, and the tool will still function. Your data is not sent anywhere.