Base64 Encode/Decode

Base64 is an encoding scheme that converts arbitrary binary data into a string made up of 64 printable ASCII characters — the letters A–Z and a–z, digits 0–9, plus the symbols + and /. It was designed to safely carry binary content through text-only channels that would corrupt or drop certain byte values. The most familiar real-world use is email attachments: the MIME standard requires that binary files such as images, PDFs, and documents be Base64-encoded before they can travel alongside plain-text email bodies. HTML and CSS use Base64 data URIs to embed small images or fonts directly in source code, reducing HTTP requests — you will see strings starting with data:image/png;base64, in style sheets and inline attributes. JWT tokens (JSON Web Tokens used for authentication) encode their header and payload sections in Base64url, a URL-safe variant that replaces + with - and / with _ and omits padding characters. The HTTP Basic Authentication header also Base64-encodes the username:password pair before sending it in the Authorization header. Developers frequently use it to pass binary configuration blobs in environment variables, YAML files, or command-line arguments that only accept plain text. This tool performs all encoding and decoding locally in your browser using the atob and btoa APIs plus FileReader for binary files — no data leaves your device. Practical tip: if you are embedding images as data URIs in CSS, keep the source file under 5 KB; larger images inflate your stylesheet size significantly and can hurt page load performance.

No — Base64 is absolutely not encryption, and you should never use it to hide passwords or any sensitive information. Base64 is a reversible encoding scheme with no secret key involved. Anyone who sees a Base64 string can decode it instantly using any Base64 decoder, including this very tool, in less than a second. There is no computational difficulty, no secret, and no security guarantee whatsoever. It is purely a format transformation designed for safe transport of binary data through text channels, nothing more. Storing a password as its Base64 equivalent is only marginally better than storing it in plain text — any attacker who obtains your database will decode it immediately. For passwords, you should use a proper one-way cryptographic hashing algorithm with a salt, specifically a purpose-built password hashing function such as bcrypt, scrypt, or Argon2. These are deliberately slow and memory-hard algorithms designed to make brute-force attacks expensive. For encrypting data that must be decryptable later, use a symmetric cipher such as AES-256-GCM or an authenticated encryption scheme. JWT tokens, which use Base64url encoding, are also not encrypted by default — their contents are fully visible to anyone; only the signature provides tamper detection. This tool runs entirely in your browser — no data leaves your device. Practical tip: if you receive a string that looks like random characters and ends with one or two equals signs, try decoding it as Base64 — that padding is a strong visual indicator of the format, and the decoded content will tell you immediately what you are looking at.

A decoded file that appears corrupted almost always points to one of a few specific causes. The most common is a line-ending issue: some Base64 implementations insert newline characters every 76 characters (per the MIME standard), while others produce a single unbroken string. If the encoder inserted newlines and your decoder does not strip them before processing, the resulting binary will be corrupted. This tool strips all whitespace from the input before decoding to avoid this problem. A second cause is a character-set mismatch: standard Base64 uses + and / as the 62nd and 63rd characters, but Base64url (used in JWTs and URL-safe contexts) uses - and _ instead. Pasting a Base64url string into a standard decoder causes invalid output — switch to URL-safe mode if your source is a JWT or a URL parameter. A third cause is truncated input: if the Base64 string was copied from a terminal that wrapped long lines, characters may be missing. The string length must be a multiple of four after padding; the tool reports an error if this is violated. Finally, saving decoded output with the wrong extension — for example a decoded JPEG saved as .txt — will make it appear corrupt in apps that rely on the extension. All processing runs locally in your browser — no data leaves your device. Practical tip: before decoding a large Base64 block, inspect its first few decoded bytes: a JPEG starts with FF D8 FF, a PNG with 89 50 4E 47, and a PDF with 25 50 44 46.

No — your file is never uploaded to any server. When you drag and drop a file onto the tool, the browser intercepts it using the HTML5 File API and passes a local File object directly to JavaScript running on the page. The file bytes are read into memory using the FileReader API, which operates entirely within your browser's sandbox without making any network request. You can verify this yourself by disconnecting from the internet, refreshing the page, and then dropping a file — the encoding will complete successfully because no network access is required at any point in the process. This architecture was a deliberate design choice for WikiPlus: processing happens entirely client-side so that sensitive documents, private images, authentication tokens, and proprietary files never leave your device. The encoded Base64 string is displayed directly in your browser and can be copied to the clipboard or downloaded as a text file, all locally. The tool uses the FileReader.readAsArrayBuffer method to obtain the raw bytes, converts them through a typed array, and then applies the btoa encoding function or a manual Base64 alphabet loop for larger files that exceed btoa's size limit. No telemetry, no logging, and no analytics capture the content of your files. Practical tip: if you are working with a file larger than about 50 MB, be aware that the resulting Base64 string will be approximately 33% larger due to the encoding overhead — a 60 MB file will produce roughly an 80 MB Base64 string, which may strain the browser's text rendering.