Base64 Encode / Decode
Encode text or any file to base64, or decode base64 back to text. Standard and URL-safe alphabets. Runs in your browser, because what you base64 is almost always a credential.
0 characters
0 characters · 0 bytes
Encode an arbitrary file as base64
How to encode or decode base64 online
Pick the direction (Text → Base64 or Base64 → Text). Paste your data. The output updates as you type. Toggle URL-safe if your target is a URL, a JWT, or any context where + and / would need escaping. For arbitrary binary files, expand the file panel at the bottom and drop in any file — ToolChop reads its raw bytes and produces the base64 string.
Why a local base64 tool matters
The strings developers most often base64-encode are credentials: HTTP Basic Auth headers (user:password → Authorization: Basic <base64>), OAuth client secrets, signed-URL fragments, JWT payloads, and encrypted token blobs. Uploading any of those to a third-party encoder is exactly the threat model you are trying to avoid. ToolChop runs the encoder entirely in your browser — you can verify in DevTools → Network that no request fires when you encode.
Standard vs URL-safe base64
Standard base64 (RFC 4648 §4) uses A–Z a–z 0–9 + / =. URL-safe base64 (RFC 4648 §5) swaps + for -, / for _, and typically drops = padding so the value can be embedded in a URL or JWT segment without escape sequences. The URL-safe toggle on this page applies both transformations consistently in both directions.
What you can do
- Encode UTF-8 text to base64 (and back)
- Toggle between standard and URL-safe alphabets
- Auto-fix for missing
=padding and stray whitespace - Encode arbitrary files (PDFs, ZIPs, certificates, anything) to base64
- Swap input ↔ output for round-trip verification
Frequently asked questions
How do I encode or decode base64 online for free?
Pick Text → Base64 or Base64 → Text at the top. Paste your text in the Input box. The output updates as you type. Toggle URL-safe if you need the RFC 4648 §5 alphabet (e.g. JWTs use URL-safe). Click Copy to put the result on your clipboard. No account, no upload, no daily limit.
Does ToolChop send my data to a server?
No. Encoding and decoding run entirely in your browser using JavaScript's built-in btoa / atob plus a UTF-8 encoder. Your input never leaves your device — critical for the most common base64 use cases: HTTP Basic Auth credentials, OAuth client secrets, JWT payloads, encrypted token blobs.
Why is the privacy story for a base64 tool important?
The strings developers most often base64-encode are credentials: HTTP Basic Auth tuples (user:password → Authorization header), OAuth client secrets, signed S3 URL fragments, JWT payloads, encrypted message bodies. Pasting any of those into a third-party encoder that logs requests is a needless leak. ToolChop runs the encoder entirely in your browser.
What is the difference between standard and URL-safe base64?
Standard base64 (RFC 4648 §4) uses A–Z a–z 0–9 + / =. URL-safe base64 (RFC 4648 §5) replaces + with - and / with _ and usually omits = padding, so the value can sit in a URL or JWT segment without escaping. ToolChop's URL-safe toggle does both: applies the alternative alphabet and strips/replays padding as needed.
What encoding does ToolChop use for the input text?
UTF-8 — the universal default. So 'café' encodes to Y2Fmw6k= (the é is two bytes: 0xC3 0xA9). If you are decoding base64 produced by a tool that used UTF-16 or Windows-1252, the round-trip will mojibake — make sure both sides use UTF-8.
What happens if my base64 is malformed?
Common causes: a stray %, an HTML entity, or non-base64 characters introduced by copy/paste. ToolChop shows a clear error message. URL-safe alphabet, missing padding, and stray whitespace are all auto-fixed — only truly invalid characters fail.
Can I encode a file (image, PDF, anything)?
Yes. Expand the 'Encode an arbitrary file as base64' panel near the bottom. Pick any file from your device and ToolChop reads its raw bytes and produces the base64 string. This is what you need for embedding small binary blobs in JSON, environment variables, or data URLs.
What is base64 typically used for?
Encoding binary data so it can survive transport through text-only systems. The classic examples: HTTP Basic Auth headers (Authorization: Basic <base64>), data: URLs in CSS or HTML, JWT segments (which use URL-safe base64), embedding small files in JSON or environment variables, encoding cryptographic keys for transport.
Why is the encoded length about 33% larger than the source?
Base64 packs 3 bytes of binary into 4 ASCII characters, so the encoded length is roughly 4/3 the source length (plus up to 2 padding chars). That overhead is the cost of making binary data safe to ship through text protocols.
Can I round-trip text safely?
Yes — text → base64 → text is lossless and exact for any UTF-8 input. The only caveat is that some characters look similar but are different (e.g. straight vs curly quotes); paste from the source you trust to avoid surprise.
Is there a length limit?
Only your browser's memory. Modern browsers can handle multi-megabyte base64 strings, though pasting a 50 MB encoded string may take a second or two before processing begins. For file encoding, encoding a 100 MB binary takes a few seconds — perfectly fine.
Why use ToolChop instead of an online encoder that sends my data over the wire?
Privacy and audit-ability. The strings most often base64-encoded are credentials. ToolChop's encoder runs entirely in your browser — you can verify in DevTools → Network that no request fires when you encode. There is no log, no temporary storage, no third party that ever sees your data.