Base64 turns arbitrary bytes into a text string using 64 printable characters, which lets binary data travel safely through systems that only handle text — email, JSON, data URIs, and JWTs. This tool encodes UTF-8 text or hex bytes into Base64 (or URL-safe Base64url) and decodes either variant back, all in your browser.
How it works
Base64 packs every 3 input bytes (24 bits) into 4 output characters (6 bits each):
- Encoding text first converts the string to UTF-8 bytes with
TextEncoder, so multi-byte characters such as emoji are preserved. - Each group of 3 bytes maps to 4 characters from the alphabet
A-Z a-z 0-9 + /; leftover bytes are padded with=. - Base64url then rewrites
+to-,/to_, and strips the=padding so the value is safe inside URLs. - Decoding reverses the process, normalising url-safe characters and restoring padding before rebuilding the bytes, then attempting a strict UTF-8 decode.
If a decode produces bytes that are not valid UTF-8, the tool shows hex rather than mojibake.
Why btoa fails on non-ASCII text
The browser’s built-in btoa() function only accepts strings where every character is in the Latin-1 range (code points 0–255). Pass it an emoji or a Chinese character and it throws a InvalidCharacterError. This tool avoids the problem by routing all text through TextEncoder first, which converts the JavaScript string to its UTF-8 byte representation, and then Base64-encodes those bytes. The result is a standard Base64 encoding of the UTF-8 form — the format that most modern APIs and libraries expect.
Worked examples
Encoding the text Hi gives SGk=. Encoding the hex bytes 48 69 (ASCII for “Hi”) gives the same SGk= — handy for verifying protocol payloads where you know the raw bytes.
Encoding the emoji 😀 gives 8J+YgA== (the Base64 of its 4-byte UTF-8 representation F0 9F 98 80). Decoding 8J+YgA== returns 😀.
Common formats you will encounter
JWT (JSON Web Token): three Base64url-encoded segments joined by dots: <header>.<payload>.<signature>. The header and payload are JSON; the signature is raw bytes. Paste any one segment into the decoder to read it — the tool recognises the multi-segment dot pattern and tells you to decode each part separately.
PEM certificate: a block starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE----- with 64-character-wrapped standard Base64 between the headers. Strip the headers and paste the body to inspect the DER-encoded certificate as hex.
data URI: data:image/png;base64,<payload> uses standard Base64 for the binary content. Strip the prefix to the comma, then decode the rest to see the raw file bytes.
When you paste a value shaped like xxxxx.yyyyy.zzzzz, the tool recognises a JWT and reminds you to decode the header and payload segments individually. PEM blocks and data: URIs are flagged too, so you know where the actual Base64 body lives.