How to Encode and Decode Base64 Online (Free)
Base64 encoding is everywhere: inside JWTs, email attachments, data URIs, API payloads, and config files. Yet most developers reach for a command-line tool or hunt for a trustworthy online converter every time they need to quickly encode or decode a string. This guide shows you how to encode and decode Base64 instantly in your browser for free — no sign-up, no file uploads, no server involved. Everything runs locally with the FileReader API and the browser's built-in btoa/atob functions, so your data never leaves your device.
What Is Base64 and Why Is It Used?
Base64 is a binary-to-text encoding scheme that represents binary data using only 64 printable ASCII characters: A–Z, a–z, 0–9, plus (+), slash (/), and the equals sign (=) as padding. The name comes directly from that character set size. The original motivation for Base64 was email. The early SMTP protocol was designed to carry 7-bit ASCII text. Binary attachments — images, executables, documents — simply could not be transmitted as-is without corruption. MIME (Multipurpose Internet Mail Extensions) standardized Base64 as the way to encode binary data into safe ASCII before sending it over text-only channels. Decades later, Base64 remains essential for several reasons. HTTP headers, JSON payloads, and XML documents are all text-based formats. When you need to embed binary data — a small image, a certificate, a cryptographic key — inside one of these formats, Base64 is the standard approach. Data URIs in HTML and CSS use Base64 to embed images directly in markup without a separate file request. JWTs encode their header and payload as Base64url (a URL-safe variant). Basic HTTP authentication encodes credentials as Base64 in the Authorization header. One important clarification: Base64 is encoding, not encryption. It provides no confidentiality whatsoever. Anyone who receives a Base64 string can decode it in seconds. Never rely on Base64 to protect sensitive information — use proper encryption for that.
How to Encode Text and Files to Base64
Encoding a plain text string to Base64 is straightforward. Open the WikiPlus Base64 Encoder/Decoder, select the Text tab, paste or type your string into the input field, and click Encode. The result appears instantly in the output area. Click Copy to grab it for use elsewhere. For files, switch to the File tab. Click the upload area or drag a file onto it. The tool uses the browser's FileReader API to read the file locally — it never uploads anything to a server. Once the file is read, the Base64 string appears in the output field. You can encode any file type: images, PDFs, JSON files, certificates, audio clips. Encoded file output typically includes a data URI prefix like data:image/png;base64, followed by the encoded string. This prefix is required when embedding the data directly in HTML or CSS. If you only need the raw Base64 string (for an API payload, for example), you can strip the prefix manually or check whether your target system expects it or not. A quick size note: Base64-encoded data is approximately 33% larger than the original binary. This is a fundamental property of the encoding — every 3 bytes of binary become 4 ASCII characters. Factor this overhead into your decisions when choosing between Base64 embedding and separate file references.
How to Decode Base64 Back to the Original
Decoding is just as simple. Paste any Base64 string into the input field and click Decode. The tool will render the decoded output as text if it is valid UTF-8 or ASCII. If the original data was a binary file, the decoded output will be offered as a download so you can recover the original file. You will often encounter Base64 strings that include a data URI prefix — for example, data:application/pdf;base64,JVBERi0xLj... — when working with HTML canvas exports or file APIs. The WikiPlus tool handles these automatically, stripping the prefix before decoding. If decoding produces garbled text, there are a few likely causes. First, the input may be Base64url-encoded rather than standard Base64. Base64url replaces + with - and / with _ to make the string safe for use in URLs and filenames. You may need to reverse those substitutions before decoding. Second, the input may have line breaks or whitespace inserted every 76 characters, which is standard for MIME-encoded email content. Remove those line breaks first. Third, the padding (=) characters at the end may have been stripped — some implementations omit them — and you may need to add them back. A correctly encoded Base64 string will always have a length that is a multiple of 4 (counting padding). If yours does not, that is often the first clue that something has been modified.
Common Real-World Uses and Tips
Understanding when and how to apply Base64 encoding saves time and prevents integration errors. Here are the most common real-world scenarios. Embedding images in HTML or CSS: use a data URI like src="data:image/png;base64,..." for small icons or inline images that you want to eliminate as separate HTTP requests. This trades a network round-trip for a larger HTML document, so it is best suited for images under 5 KB. API authentication: HTTP Basic Auth sends credentials as Base64(username:password) in the Authorization header. This is not secure over plain HTTP because Base64 is trivially reversible — always pair Basic Auth with HTTPS. Working with JWTs: a JWT has three parts separated by dots, each Base64url-encoded. The header and payload are just JSON objects encoded with Base64url. Decode them to inspect claims, expiry times, and algorithm information. The signature (the third part) is a cryptographic value and decoding it gives raw bytes, not readable text. Config files and environment variables: Base64 encoding is often used to pass binary data (certificates, SSH keys) as environment variables. Tools like Kubernetes secrets store values as Base64-encoded strings. Decode them to verify the content before use. Email debugging: when troubleshooting MIME email issues, the body of an email with attachments is often Base64-encoded. Decode the relevant section of the raw email source to inspect attachments or HTML bodies directly. Always double-check which variant of Base64 your target system expects: standard Base64, Base64url, or MIME Base64 with line wrapping.
Frequently Asked Questions
- Is Base64 encoding the same as encryption?
- No. Base64 is a reversible encoding scheme, not encryption. It converts binary data into printable ASCII characters so it can be safely transmitted in text-based formats. Anyone who receives a Base64 string can decode it instantly without any key or password. If you need to protect sensitive data, use a proper encryption algorithm such as AES-256 — and apply Base64 encoding afterward only if you need the ciphertext in a text-safe format.
- Why does my Base64 string end with one or two equals signs?
- The equals sign (=) is padding. Base64 encodes 3 bytes at a time into 4 characters. If the input is not a multiple of 3 bytes, the encoder adds 1 or 2 bytes of zero padding and marks them with = at the end of the output string. A string ending in == had one meaningful byte in the last group; one = means two. Some systems strip padding, which is fine as long as the decoder knows to expect it — just add the missing = characters back if you get a decode error.
- What is the difference between Base64 and Base64url?
- Standard Base64 uses + and / as two of its 64 characters. These characters have special meaning in URLs and file paths, which causes problems when a Base64 string is placed in a URL query parameter or used as a filename. Base64url is a URL-safe variant that substitutes - for + and _ for /. It also typically omits the trailing = padding. JWTs and many modern web APIs use Base64url. If you decode a Base64url string with a standard Base64 decoder without converting those characters first, you will get incorrect output or an error.