FixToolsBrowse tools
Utilities
6 min read1,125 words

Base64 Encode and Decode Explained (With Free Online Tool)

Base64 encoding converts binary data into ASCII text so it can be safely transmitted over text-based systems. Learn how it works, when to use it, and how to encode or decode instantly online.

Read article
Share
Table of contents

You have probably seen Base64 without realizing it — in image URLs, API payloads, email attachments, and auth tokens. It is one of the most widely used encoding schemes in web development, yet its purpose is often misunderstood.

This guide explains what Base64 encoding is, why it exists, how the algorithm works, and when to use it in practice.

What is Base64 encoding?

Base64 is a way to convert binary data — images, files, arbitrary bytes — into a string of printable ASCII characters. The output contains only letters (A–Z, a–z), numbers (0–9), and the characters +, /, and =. No special characters, no null bytes, no control characters.

The reason this matters: many systems that transmit text — email protocols, JSON payloads, URLs, HTML attributes — are designed for ASCII text and may mangle, truncate, or reject raw binary data. Base64 gives you a way to send binary data through text-only channels safely.

To encode or decode Base64 without installing anything, use the FixTools Base64 Encoder and Base64 Decoder.

How Base64 encoding works

The algorithm processes input in groups of 3 bytes (24 bits) and converts each group to 4 Base64 characters (4 × 6 bits = 24 bits).

Step-by-step example

Take the word "Man" (3 bytes):

Character Binary
M 01001101
a 01100001
n 01101110

Combined: 010011010110000101101110 (24 bits)

Split into four 6-bit groups: 010011 010110 000101 101110

Convert each 6-bit value to its Base64 character using the Base64 alphabet:

  • 010011 = 19 → T
  • 010110 = 22 → W
  • 000101 = 5 → F
  • 101110 = 46 → u

Result: "TWFu"

You can verify this: paste Man into the Base64 Encoder and it returns TWFu.

Padding with `=`

What if the input is not a multiple of 3 bytes?

  • 1 remaining byte (8 bits): encoded as 2 Base64 characters, padded with ==
  • 2 remaining bytes (16 bits): encoded as 3 Base64 characters, padded with =

The padding tells the decoder how many bytes the last group represents.

What Base64 is NOT

It is not encryption

Base64 is completely reversible by anyone. There is no key, no secret. If you Base64-encode a password and store it in a database, anyone who reads the database can decode it in one step. Base64 provides zero security.

For encryption, use bcrypt or Argon2 for passwords, and AES or RSA for data that needs to be decrypted later.

It is not compression

Base64 actually makes data larger, not smaller. Every 3 bytes of input becomes 4 bytes of output — a 33% size increase. If you need to reduce file size, use an actual compression algorithm like gzip, Brotli, or zstd.

When to use Base64 encoding

Embedding images in HTML and CSS

Small images can be embedded directly as Base64 data URIs instead of separate file requests:

<img src="data:image/png;base64,iVBORw0KGgoAAAANS..." alt="icon" />

In CSS:

.icon {
  background-image: url("data:image/png;base64,iVBORw0KGgoAAAANS...");
}

This eliminates an HTTP request — useful for small icons and UI elements used across many pages. The trade-off is that the Base64 string is ~33% larger than the original file and cannot be cached separately from the HTML or CSS.

Sending binary data in JSON

JSON is text. It cannot contain raw binary. If an API needs to transmit an image, audio file, or PDF within a JSON payload, the binary content is Base64-encoded first:

{
  "filename": "invoice.pdf",
  "content_type": "application/pdf",
  "data": "JVBERi0xLjQKJeLj..."
}

The recipient decodes the data field to recover the original binary file.

Storing binary data in text-based systems

Some databases, configuration files, and message queues handle only text. Base64 lets you store binary data — cryptographic keys, certificates, image thumbnails — in fields designed for strings.

Auth tokens and cookies

JSON Web Tokens (JWTs) use Base64URL encoding for their header and payload sections. The three parts of a JWT (header.payload.signature) are each Base64URL-encoded, making the token a printable, URL-safe string:

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTYifQ.SflK...

Decoding the first two sections reveals the algorithm and claims — not a security issue, since JWTs are not encrypted by default, just signed. The signature prevents tampering but the payload is readable.

Email attachments

The MIME standard uses Base64 to encode email attachments. When your email client sends a PDF, the binary PDF is Base64-encoded and transmitted as ASCII text within the MIME message. The recipient's client decodes it back to the original file. This is why email protocol (SMTP) can send binary files even though it was originally designed for plain text.

URL-safe Base64

Standard Base64 uses + and /, which are special characters in URLs:

  • + means a space in URL-encoded query strings
  • / is a path separator

URL-safe Base64 (also called Base64URL) replaces these:

  • +-
  • /_

It also typically omits the = padding. This variant is used in JWTs, OAuth tokens, and any context where the encoded string will appear in a URL or filename.

When decoding, match the variant to what was used for encoding. A standard decoder may fail on URL-safe Base64 if it does not recognize - and _.

Decoding Base64: reading what is inside

If you receive a Base64-encoded string and want to see the content, paste it into the Base64 Decoder. The tool converts the Base64 characters back to the original bytes.

If the original content was plain text (like a JWT payload or a configuration value), you will see the decoded text immediately. If it was binary (like an image or PDF), you will get raw bytes — which you would save as a file with the appropriate extension.

Inspecting a JWT

JWTs are a common place to encounter Base64 in the wild. To read the claims in a JWT:

  1. Copy the middle section (between the two dots)
  2. Paste it into the Base64 Decoder
  3. Add == padding if needed (JWTs use URL-safe Base64 without padding)
  4. Read the decoded JSON

You will see the user ID, expiry time, roles, or whatever claims the token contains. This is public information in a JWT — it is the signature that prevents tampering, not encoding.

Base64 in the browser

Modern browsers support Base64 natively without any library:

// Encode
const encoded = btoa('Hello, World!');
// Returns: 'SGVsbG8sIFdvcmxkIQ=='

// Decode
const decoded = atob('SGVsbG8sIFdvcmxkIQ==');
// Returns: 'Hello, World!'

btoa (binary to ASCII) encodes. atob (ASCII to binary) decodes.

Note: btoa only handles Latin-1 characters. For Unicode strings, encode to UTF-8 first:

// Encode UTF-8 string
const encoded = btoa(unescape(encodeURIComponent('Hello 🌍')));

// Decode UTF-8 string
const decoded = decodeURIComponent(escape(atob(encoded)));

In Node.js, use the built-in Buffer class:

// Encode
const encoded = Buffer.from('Hello, World!').toString('base64');

// Decode
const decoded = Buffer.from('SGVsbG8sIFdvcmxkIQ==', 'base64').toString('utf8');

Quick reference

Use case Format Notes
Image in HTML/CSS data:image/png;base64,... Good for small icons only
Binary in JSON Standard Base64 string Decode on receipt
JWT tokens Base64URL (no padding) Header and payload only
Email attachments Standard Base64 Handled by email client
URL parameters Base64URL Use - and _ instead of + and /

Encode or decode Base64 now

Paste any text or binary data into the FixTools Base64 Encoder to get the encoded string instantly. To reverse the process, use the Base64 Decoder. No sign-up, no installation required.

Try it free — right in your browser

No sign-up, no uploads. Your data stays private on your device.

Base64 Encoder🔧 Base64 Decoder

Frequently asked questions

6 questions answered

  • QIs Base64 a form of encryption?

    No. Base64 is encoding, not encryption. Encryption requires a key and is designed to hide information — decoding encrypted data without the key is computationally infeasible. Base64 is completely reversible by anyone with the encoded string and takes no key at all. It is designed for safe data transmission, not security. Never use Base64 to protect sensitive data like passwords, API keys, or personal information — it provides zero security.

  • QWhy does Base64 increase file size by about 33%?

    Base64 converts every 3 bytes of binary data into 4 ASCII characters. Three bytes is 24 bits of actual data. Four Base64 characters at 6 bits each is also 24 bits — the same data, but now spread across 4 bytes instead of 3. This is a 33% overhead. In other words, a 100KB image embedded as Base64 becomes roughly 133KB of text. This is the cost of encoding binary data as safe ASCII text.

  • QWhat does the equals sign (=) at the end of a Base64 string mean?

    Base64 encodes data in groups of 3 bytes. If the input data is not a multiple of 3 bytes, padding is added to make the final group complete. One = means one byte of padding was added; == means two bytes of padding. This tells the decoder exactly how to handle the last group of characters. Many Base64 implementations use URL-safe Base64 which omits the padding, so you may also encounter Base64 strings without trailing = signs.

  • QWhat is URL-safe Base64?

    Standard Base64 uses + and / characters, which have special meaning in URLs (+ is a space in URL encoding, / is a path separator). URL-safe Base64 replaces + with - and / with _ so the encoded string can be used in a URL, filename, or query parameter without percent-encoding. When decoding, it is important to use the correct variant — a standard Base64 decoder may fail or produce incorrect output on URL-safe Base64 strings.

  • QCan I encode images in Base64 for use in CSS?

    Yes. Small images (icons, simple SVGs, tiny PNGs) can be embedded directly in CSS as Base64 data URIs: background-image: url("data:image/png;base64,iVBOR..."). This eliminates an HTTP request, which can improve performance for small, frequently used assets. The trade-off is file size — the Base64 string is larger than the binary file, and it cannot be cached separately from the CSS file. This technique is most beneficial for images under 1–2KB.

  • QWhat characters does Base64 use?

    Standard Base64 uses 64 characters: uppercase letters A–Z (26), lowercase letters a–z (26), digits 0–9 (10), plus (+) and forward slash (/). With the = padding character, that is 65 characters total. Each character encodes 6 bits of data (since 2^6 = 64). URL-safe Base64 replaces + with - and / with _ to make the output safe for use in URLs and filenames.

OK

O. Kimani

Software Developer & Founder, FixTools

Building FixTools — a single destination for free, browser-based productivity tools. Every tool runs client-side: your files never leave your device.

About the author
UtilitiesAll articlesbase64 encode decode

Related articles

Developer & Web

Best Free JSON Formatter and Validator Online (2026)

Format messy JSON instantly and catch syntax errors before they break your app. Free browser-based JSON formatter and validator. No signup, no install.

Read articleDeveloper & Web

How to Convert CSV to JSON Online (Free & Instant)

Convert a CSV file or spreadsheet export to valid JSON in seconds. Learn the format differences, conversion rules, and how to handle edge cases like nested data and special characters.

Read article

More from the blog

How to Create a Color Palette from an Image (Free Online Tool)

Read →

How to Generate Lorem Ipsum Text (And When to Use It)

Read →

Free Online SQL Formatter: Format and Beautify SQL Queries Instantly

Read →