Skip to main content
Ink·tab

Text ↔ Base64

Encode UTF-8 text to Base64 and back. URL-safe mode included.

Base64 result
aGVsbG8g7JWI64WVIPCfjLg=

Everything happens in your browser. Nothing is uploaded.

When to use it

Embedding binary in text, stashing API tokens in URLs, or hand-crafting a Basic auth header. Base64 is the standard way to carry bytes that aren't safe as plain ASCII.

How it works

Pick a direction at the top (Encode or Decode), paste into the left pane, and the result appears on the right live. ↔ Swap sends the current result back as the next input.

URL-safe option

+ and / collide with URL syntax, so embedding Base64 directly in a query string breaks. The URL-safe toggle swaps them for - and _ and strips trailing = padding — the flavor used by JWT, OAuth state parameters, and slug-safe filenames.

Common gotchas

  • Unicode / emoji — this tool routes text through a UTF-8 encoder first, so Korean, emoji, and other non-ASCII characters encode cleanly. Calling btoa() directly on them would throw InvalidCharacterError.
  • "atob failed" — whitespace and newlines are tolerated, but any character outside A-Z a-z 0-9 + / = (or - _ in URL-safe mode) is rejected.

Tokens · certificates · binary handled in-page

Encode/decode goes through stdlib (`btoa` · `atob`) directly, with URL-safe variant toggle. API keys, client secrets, and PEM certs stay inside the page.

Frequently asked questions

Is Base64 encryption?
No. Base64 is encoding, not encryption — anyone can decode it. It's a way to safely carry binary data through ASCII-only channels. If you need secrecy, layer real encryption (e.g., AES) on top.
Does this handle Unicode and emoji?
Yes. The tool routes input through a UTF-8 encoder before Base64-ing, so Korean, Chinese, Japanese, and emoji all encode correctly. Calling the browser's `btoa()` directly throws InvalidCharacterError on those — this tool sidesteps that.
What's the difference between Base64 and Base64URL?
Standard Base64 uses `+`, `/`, and `=`. Base64URL replaces `+` → `-`, `/` → `_`, and strips `=` padding so the output is safe in URLs. JWT, OAuth state, and slug-friendly filenames all use Base64URL. Toggle URL-safe to switch.
Why does decoding fail?
Base64 only allows A–Z, a–z, 0–9, `+`, `/`, `=` (or `-`, `_` in URL-safe mode). Any other character or a length not divisible by 4 will fail. Whitespace and newlines are tolerated.
Is Base64 case-sensitive?
Yes. Base64 is case-sensitive — `A` and `a` represent different values. You must preserve exact casing when decoding.