What Base32 is and why it exists
Base32 is an encoding scheme defined in RFC 4648 that represents any binary data using only 32 characters: the letters A-Z and the digits 2-7, plus = as padding. Each character carries 5 bits, so every 5 input bytes become exactly 8 output characters. Why another scheme when Base64 already exists? Because Base32 has two superpowers Base64 lacks: it is case-insensitive (no two characters differ only in case) and it avoids ambiguous characters — the alphabet contains neither 0 nor 1, so you can never confuse them with O or l. That makes it ideal for anything a human has to read, dictate over the phone or type by hand: the TOTP/2FA secret keys in Google Authenticator, names encoded in DNS (which is case-insensitive by design), and ULID identifiers, which use Crockford's Base32 variant.
How it works: 5 bytes become 8 characters
The algorithm takes the input bytes (here, your text encoded to UTF-8 with TextEncoder, so accents, ñ and emoji come out perfectly) and reads them as one continuous stream of bits. Each group of 5 bits is a number between 0 and 31, which maps to one character of the alphabet. Since 5 bytes = 40 bits = exactly 8 groups, the natural Base32 block is 8 characters. When the input is not a multiple of 5 bytes, the last group is completed with zero bits and the output is padded with = up to 8. The classic RFC example: foobar encodes to MZXW6YTBOI======, and fo to MZXQ====. You can verify it right now in the tool above.
Base32 vs Base64 vs Hex at a glance
| Base32 | Base64 | Hexadecimal | |
|---|---|---|---|
| Alphabet | 32 characters (A–Z, 2–7) | 64 characters (A–Z, a–z, 0–9, +, /) | 16 characters (0–9, A–F) |
| Bits per character | 5 | 6 | 4 |
| Size overhead | +60% (5 bytes → 8 chars) | +33% (3 bytes → 4 chars) | +100% (1 byte → 2 chars) |
| Case-sensitive | No | Yes | No |
| Ambiguous characters | No (neither 0 nor 1) | Yes (0/O, 1/l/I) | No |
| Typical uses | TOTP/2FA keys, DNS, ULID | MIME emails, data URIs, JWT | CSS colors, hashes, dumps |
The rule of thumb: if only a machine will ever read the result, use Base64 (more compact) — that is what our Base64 encoder and Base64 decoder are for. If a human will read, dictate or type it, or the channel ignores case (like DNS), Base32 is the right choice.
Where you run into Base32 in real life
- TOTP/2FA keys. The secret you scan as a QR code into Google Authenticator, Authy or 1Password is Base32. If the QR fails, the key you type by hand (like
JBSW Y3DP EHPK 3PXP) is too. - DNS and DNSSEC. Domain names ignore case, so encoding hashes into records (NSEC3) requires a case-insensitive alphabet.
- ULID. Sortable unique identifiers that use Crockford's Base32 (a variant with a different alphabet) to stay compact and readable.
- Human-friendly tokens. Activation codes, license keys and coupons that a person has to type without frustration.
Reference: the Base32 alphabet (RFC 4648)
| Value | Char | Value | Char | Value | Char | Value | Char |
|---|---|---|---|---|---|---|---|
| 0 | A | 8 | I | 16 | Q | 24 | Y |
| 1 | B | 9 | J | 17 | R | 25 | Z |
| 2 | C | 10 | K | 18 | S | 26 | 2 |
| 3 | D | 11 | L | 19 | T | 27 | 3 |
| 4 | E | 12 | M | 20 | U | 28 | 4 |
| 5 | F | 13 | N | 21 | V | 29 | 5 |
| 6 | G | 14 | O | 22 | W | 30 | 6 |
| 7 | H | 15 | P | 23 | X | 31 | 7 |
The = padding carries no value: it only completes the 8-character block when the input is not a multiple of 5 bytes.