Base64 Encoder / Decoder

Base64 is an encoding scheme that converts binary data or text into a safe ASCII string — commonly used to embed images in HTML/CSS, encode email attachments (MIME), pass binary data through JSON APIs, and store credentials in HTTP Basic Auth headers. To encode to Base64: type or paste your text above and the encoded output appears instantly. To decode Base64: paste the encoded string and switch to Decode mode. The tool handles UTF-8 text including special characters and emojis. Unlike server-based encoders, bitlist converts entirely in your browser — your data never leaves your device, making it safe for tokens, credentials, and private payloads.

About Base64 Encoder / Decoder

Bitlist's Base64 Converter is a fast, reliable, and privacy-focused tool for developers. It allows you to encode UTF-8 text into Base64 format or decode Base64 strings back into human-readable text.

Features

• Instant Conversion: Results appear automatically as you type. No clicking "Convert" required.
• UTF-8 Support: Correctly handles special characters, emojis, and non-Latin scripts (e.g., "Hello 🌍").
• Client-Side Only: Your data never leaves your browser. Encoding and decoding happen locally using modern JavaScript APIs.
• Large Payload Ready: Capable of handling large text blocks without freezing.

Common Use Cases

• Data Transmission: Ensure safe transmission of binary data (like images or credentials) over protocols like HTTP or SMTP.
• Basic Auth: Encode username:password combinations for HTTP Basic Authentication headers.
• Debugging: Decode JWT payloads (excluding signatures), messy email headers, or obscure API responses.

Example: Encode and Decode

Input

hello world

Encoded Output

aGVsbG8gd29ybGQ=

Decoded Output

hello world

Base64 vs URL-Safe Base64

Standard Base64 uses + and / characters, which can cause issues in URLs and query strings. URL-safe Base64 replaces those with - and _. If you are working with URL-safe tokens, convert them back to standard Base64 before decoding.

Troubleshooting Invalid Base64

• Whitespace: Remove extra spaces or line breaks before decoding.
• Padding: Missing = can cause decoding failures. Add padding if needed.
• URL-safe tokens: Replace - and _ with + and / before decoding.
• Non-Base64 characters: Remove characters outside the Base64 alphabet.

Best Practices

• Do not use Base64 as a security mechanism. It is reversible.
• Keep payload sizes small to avoid slow browser performance.
• Validate output when embedding Base64 in JSON or HTML.

Base64 for Binary Data

Base64 is often used to represent binary files (like images or certificates) inside text-based formats. If you are encoding binary data, make sure the source is correct and that the destination expects Base64.

Line Breaks and Formatting

Some systems insert line breaks every 76 characters, while others require a single continuous line. If decoding fails, remove line breaks and try again.

Encoding vs Hashing

Base64 is encoding, not hashing. It is designed for transport and storage, not security. If you need to protect data, use encryption or hashing rather than Base64.

Security Considerations

Never store secrets in Base64 alone. Treat Base64 strings as plain text and apply proper encryption if the content is sensitive.

API and Header Examples

• Basic Auth: Encode username:password for Authorization headers.
• Data URLs: Embed small images in HTML or CSS using Base64.
• Payload debugging: Decode opaque strings returned from APIs.

Suggested Workflow

1. Choose Encode or Decode mode.
2. Paste the full string without trimming characters.
3. Copy the result and validate it in the target system.

Frequently Asked Questions

Understanding Base64 Encoding in Depth

Base64 is a binary-to-text encoding scheme that represents binary data in ASCII string format using 64 printable characters. It converts every 3 bytes (24 bits) of binary data into 4 Base64 characters (6 bits each).

The Base64 Character Set

Base64 uses 64 characters: A-Z (26 chars), a-z (26 chars), 0-9 (10 chars), + and / (2 chars). The = character is used for padding.

• A-Z: Values 0-25
• a-z: Values 26-51
• 0-9: Values 52-61
• +: Value 62
• /: Value 63
• =: Padding character (not part of data)

Size Overhead: Why Base64 Increases File Size

Base64 encoding increases data size by approximately 33% (4/3 ratio). This happens because 3 bytes (24 bits) of binary data become 4 Base64 characters (32 bits including encoding overhead).

• Original: 3 bytes = 24 bits
• Encoded: 4 characters = 32 bits (8 bits per ASCII character)
• Overhead: 33% size increase (32/24 = 1.33)
• Example: 1MB file → 1.33MB Base64 encoded

Common Use Cases for Base64

1. HTTP Basic Authentication

Encode username:password for Authorization headers. Format: Authorization: Basic [base64-encoded-credentials]

Example: Username "admin", Password "secret123"

• Combine: admin:secret123
• Encode: YWRtaW46c2VjcmV0MTIz
• Header: Authorization: Basic YWRtaW46c2VjcmV0MTIz

2. Data URLs (Inline Images in HTML/CSS)

Embed small images directly in HTML or CSS using Base64 encoding. Reduces HTTP requests but increases page size.

Format: data:[MIME-type];base64,[encoded-data]

Example: <img src="data:image/png;base64,iVBORw0KGgoAAAA..." />

• Best for: Small icons (< 5KB), logos, inline SVGs
• Avoid for: Large images (increases page load time)

3. Email Attachments (MIME)

Email protocols (SMTP) are text-based. Binary attachments are Base64-encoded for transmission in email messages using MIME (Multipurpose Internet Mail Extensions).

4. JWT Tokens

JSON Web Tokens (JWT) use Base64Url encoding for header and payload. Format: header.payload.signature

Note: JWTs use Base64Url variant (URL-safe encoding) which replaces + with - and / with _

5. Binary Data in JSON/XML

JSON and XML are text formats. To include binary data (images, PDFs, certificates), encode it as Base64 string.

Base64 Variants

Standard Base64

• Characters: A-Z, a-z, 0-9, +, /
• Padding: Uses = for padding
• Use case: Email, general purpose encoding

Base64Url (URL-Safe)

• Characters: A-Z, a-z, 0-9, -, _ (replaces + and /)
• Padding: Often omitted in URLs
• Use case: URLs, JWT tokens, file names
• Why: + and / have special meaning in URLs and need escaping

Base64 with Line Breaks

• Format: Insert newline every 76 characters
• Use case: Email (MIME), PEM certificates
• Example: PEM certificates have "-----BEGIN CERTIFICATE-----" with 64-char lines

Converting Between Base64 Variants

To convert Base64Url to Standard Base64:

1. Replace - with +
2. Replace _ with /
3. Add padding (=) if needed (length must be multiple of 4)

To convert Standard Base64 to Base64Url:

1. Replace + with -
2. Replace / with _
3. Remove padding (=) characters

Common Base64 Errors and Solutions

Invalid Character Error

• Cause: Non-Base64 characters in input (spaces, newlines, special characters)
• Solution: Remove whitespace, ensure only A-Z, a-z, 0-9, +, /, = characters
• URL-safe variant: Replace - and _ with + and / before decoding

Invalid Padding Error

• Cause: Missing or incorrect = padding. Base64 length must be multiple of 4
• Solution: Add = padding until length is divisible by 4
• Example: "YWRtaW4" (7 chars) → "YWRtaW4=" (8 chars)

Decoding Returns Gibberish

• Cause: Original data was binary (image, PDF), not text
• Solution: Binary data decoded to text will show unreadable characters. This is expected—save as binary file instead

Line Break Issues

• Cause: Some systems insert line breaks every 76 characters (MIME format)
• Solution: Remove all line breaks before decoding: replace \r\n and \n with empty string

Performance Considerations

• Browser limits: Modern browsers handle strings up to 500MB-1GB, but performance degrades significantly
• Encoding speed: ~100MB/second on modern hardware for simple text
• Memory usage: Base64 string requires 33% more memory than original binary data
• Recommendation: For files > 10MB, use native file uploads instead of Base64

Security Considerations

• Base64 is NOT encryption: Anyone can decode Base64. Do not use for security
• Obfuscation only: Base64 makes data harder to read at a glance, but provides zero security
• Never store passwords in Base64: Use proper hashing (bcrypt, Argon2) instead
• HTTPS required: Base64 credentials in HTTP Basic Auth need HTTPS to prevent interception
• Avoid XSS: When embedding Base64 in HTML/JavaScript, sanitize to prevent XSS attacks

Best Practices

• Use for transport, not storage: Base64 is for transmitting binary data over text protocols, not long-term storage
• Validate before decoding: Check length and character set to avoid errors
• Remove whitespace: Strip newlines, spaces, tabs before decoding
• Add MIME type for data URLs: Always specify correct MIME type (image/png, application/pdf)
• Consider alternatives: For large files, use multipart/form-data uploads instead of Base64
• Compress first: If sending large text, compress (gzip) before Base64 encoding
• Cache encoded data: Encoding is CPU-intensive—cache results when possible

Real-World Examples

Example 1: Encoding Credentials for API

Scenario: Call API requiring Basic Authentication

Input: Username "api_user", Password "my_api_key_123"

Process:

1. Combine: api_user:my_api_key_123
2. Encode: YXBpX3VzZXI6bXlfYXBpX2tleV8xMjM=
3. Use: Authorization: Basic YXBpX3VzZXI6bXlfYXBpX2tleV8xMjM=

Example 2: Decoding JWT Payload

Scenario: Inspect JWT token payload

JWT Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Process:

1. Split by dots: [header, payload, signature]
2. Take payload part: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ
3. Add padding if needed (already correct length)
4. Decode: {"sub":"1234567890","name":"John Doe","iat":1516239022}

Example 3: Embedding Small Icon in HTML

Scenario: Inline favicon to reduce HTTP requests

Process:

1. Convert image to Base64
2. Create data URL: data:image/png;base64,[encoded-data]
3. Embed: <link rel="icon" href="data:image/png;base64,..." />

Enhanced Frequently Asked Questions

What's the difference between Base64 and encryption?

Base64: Reversible encoding for data transport. Anyone can decode it—no security provided. Encryption: Requires a secret key to decrypt. Provides confidentiality and security. Never use Base64 for security—it's designed for compatibility, not protection. Use encryption (AES, RSA) for sensitive data.

Why do some Base64 strings have = at the end?

The = character is padding to ensure the Base64 string length is a multiple of 4. Base64 converts 3 bytes → 4 characters. If input isn't divisible by 3, padding is added: 1 byte remaining = 2 padding (==), 2 bytes remaining = 1 padding (=). Some systems (JWT, URL-safe Base64) omit padding for brevity.

Can I decode Base64 without special characters (+, /)?

If your Base64 string uses - and _ instead of + and /, you have Base64Url (URL-safe) encoding. Convert it first: replace - with + and _ with /, then add = padding if needed to make length divisible by 4. Then decode normally.

Why does decoding return strange characters?

The original data was likely binary (not text)—like an image, PDF, or executable. When decoded as text, binary data appears as unreadable characters. This is expected. To use the data, save it as a binary file with the correct extension (.png, .pdf, etc.) instead of viewing as text.

What's the maximum size I can encode?

Theoretical: No hard limit in Base64 specification. Practical: Browser string limits are 500MB-1GB depending on available memory. Performance: Encoding/decoding > 10MB becomes slow. Recommendation: Use Base64 for < 1MB data. For larger files, use direct binary uploads (multipart/form-data).

Does Base64 work with emojis and Unicode?

Yes, this tool uses UTF-8 encoding before Base64 conversion, which correctly handles emojis and all Unicode characters. For example, "Hello 🌍" encodes properly because UTF-8 converts the emoji to bytes first, then Base64 encodes those bytes. Without UTF-8 support, special characters would break.

Can I use Base64 for file uploads?

Possible but not recommended. Base64 increases file size by 33%, wastes bandwidth, and is slower than binary uploads. Better approach: Use multipart/form-data for file uploads (standard HTML form upload). When Base64 makes sense: APIs that only accept JSON (no binary support), embedding small files in JSON/XML documents.

How do I convert binary files to Base64?

This tool is for text ↔ Base64. For binary files (images, PDFs): Use browser FileReader API with readAsDataURL() or readAsBinaryString(), or command-line tools: Linux/Mac: base64 file.png, Windows PowerShell: [Convert]::ToBase64String([IO.File]::ReadAllBytes("file.png"))

Why do email programs use Base64?

Email protocols (SMTP, POP3, IMAP) were designed for 7-bit ASCII text only. Binary attachments (images, PDFs, executables) must be converted to text for transmission. MIME (Multipurpose Internet Mail Extensions) uses Base64 to encode binary attachments as ASCII text, allowing binary files to travel through text-only email infrastructure.

Is Base64 encoding reversible?

Yes, completely reversible. Base64 is deterministic: same input always produces same output, and decoding always returns exact original data. This is why Base64 provides zero security—anyone can decode it. For irreversible encoding, use hashing (MD5, SHA-256) instead.