What is Base64 encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into ASCII characters. It is commonly used to encode data for transmission over media designed to handle text, such as email or JSON.

Is Base64 encryption?

No! Base64 is encoding, not encryption. It provides no security. Anyone can decode Base64 — it is meant for data formatting, not protection.

🔐 Base64 Encoder / Decoder

Encode text to Base64 or decode Base64 strings instantly

Input

Base64: Encoding vs. Encryption

Base64 is one of the most misunderstood tools in a developer's arsenal. It's not encryption — it's encoding, which means anyone can reverse it. Understanding when to use Base64 (and when not to) is essential for building secure, correct systems.

How Base64 Works

Base64 converts binary data into ASCII text using 64 characters: A-Z, a-z, 0-9, +, and /. It does this by grouping 3 bytes (24 bits) and splitting them into 4 groups of 6 bits, each representing a value 0-63.

This explains why Base64 output is about 33% longer than the original data: 3 bytes become 4 characters. The = padding at the end indicates how many bytes were in the final group.

Real-World Uses of Base64

Data URLs: Embed small images directly in HTML/CSS:

<img src="data:image/png;base64,iVBORw0KGgo...">

Email attachments: SMTP was designed for text, so binary attachments (images, documents) are Base64-encoded.

JSON APIs: When you need to include binary data in JSON, Base64 is the standard approach.

API authentication: Basic Auth uses Base64 encoding of "username:password", but it's not encryption.

Why Base64 Is NOT Encryption

This cannot be stressed enough: Base64 is not security. The "encoding" part of "encoding/decoding" is a hint. Base64 is trivially reversible. Anyone can decode it in seconds.

If you need to protect data, use proper encryption (AES, etc.) — not Base64. Base64 just makes binary data printable; it doesn't hide anything.

URL-Safe Base64 Variant

Standard Base64 uses +, /, and = characters. These cause problems in URLs and filenames:

/ conflicts with path separators
+ gets interpreted as a space in some contexts
= is special in query parameters

URL-safe Base64 replaces + with - and / with _, dropping the padding. Many APIs (JWTs, for example) use this variant.

Step-by-Step Guide

Enter your text or Base64 — Type or paste text to encode, or a Base64 string to decode.
Click Encode or Decode — Choose Encode to convert text to Base64, or Decode to convert Base64 back to plain text.
Copy the result — Use the copy button to copy the output to your clipboard.

Tips & Best Practices

Base64 is NOT encryption — It is just encoding, which anyone can reverse. Never use Base64 to hide sensitive data.
Base64 increases size by about 33% — Three bytes become four characters. Account for this in bandwidth calculations.
Common uses — Embedding small images in CSS/HTML (data URLs), encoding API credentials, storing binary data in JSON, email attachments in SMTP.
URL-safe variant — Standard Base64 uses +, /, and =. URL-safe Base64 uses - and _ instead, suitable for URL query parameters.

Frequently Asked Questions

Base64 is a binary-to-text encoding scheme that converts binary data into ASCII characters. It's commonly used to encode data for transmission over media designed to handle text, such as email or JSON.

No! Base64 is encoding, not encryption. It provides no security. Anyone can decode Base64 — it's meant for data formatting, not protection.

Common uses include: embedding images in HTML/CSS (data URLs), sending binary data in JSON APIs, encoding email attachments (MIME), and storing complex data in cookies.