Can I decode images and binary files?

This tool is built for text. For binary files, use terminal utilities like base64 -d on Linux/Mac.

Yes. Everything is processed in your browser via atob. Nothing is sent to a server or logged.

Tech

Base64 Decoder

Q: What does this decoder do?

It converts a Base64 string (standard or URL-safe) back to the original UTF-8 text. It auto-detects the variant and adds padding if missing.

Q: Why does it say "Invalid character"?

The string contains non-Base64 characters (spaces, dirty line breaks, weird symbols). The decoder strips whitespace automatically; if it still fails, check whether it really is Base64.

Convert any Base64 string back to the original text. Automatically detects URL-safe variant and adds missing padding when needed.

Base64 input

—

Decoded text

How decoding works

Decoding Base64 is the reverse of encoding: every 4 characters of the input become 3 bytes of output. The decoder takes three steps:

Strip whitespace, line breaks and invalid characters.
If it detects URL-safe variant (presence of - or _), replace them with + and /.
Add = padding until the length is a multiple of 4.

Then it applies atob (the browser's native primitive) and reinterprets the bytes as UTF-8 with TextDecoder. That correctly displays accents, emoji and non-Latin characters.

Common decoding errors

Strings with whitespace or line breaks. Email sometimes splits Base64 into 76-char lines with breaks. Clean them first (this decoder does it).
Missing padding. JWT-like strings drop trailing =. You add = until you reach a multiple of 4 (this decoder does it).
URL-safe variant unconverted. If your string has - or _, the standard decoder errors. Convert or use a decoder that supports it.
Non-UTF-8 data. If you decode something that wasn't text (a binary image), you'll see garbage. That's expected.

Real-world use cases

Base64 decoding shows up in many everyday development contexts:

Inspecting JWT. The JWT payload is URL-safe Base64. Decoding it reveals the claims (sub, iat, exp, etc.).
Reading Basic Auth. If you capture a Authorization: Basic ... header, decode it to see username:password.
Examining data URIs. An SVG embedded as data:image/svg+xml;base64,... can be decoded to read the XML.
Binary environment variables. Some tools store SSH keys or certificates as Base64 in env vars; decode to use them.
Kubernetes config. K8s Secrets live in Base64. kubectl get secret ... -o yaml shows them encoded; the decoder reveals the actual value.

Base64 and security

Worth repeating: Base64 is not encryption. If you found a key or token in Base64 in a public commit, assume it's compromised and rotate it. Any automated scanner decodes it in milliseconds.

Don't confuse a hash with Base64 either. Some hashes (bcrypt, for instance) look Base64-ish but aren't interchangeable: bcrypt uses its own variant with a different alphabet, and the hash is one-way, not decodable.

If the string doesn't decode cleanly

Check three things in order:

Does the string have stray characters from copy-pasting? Trim quotes, extra spaces and BOM.
Is it really Base64 or is it Base32, Base58 (Bitcoin) or hex? They're often confused.
Was the original data text? If it was binary, the output will look like garbage.

FAQ

What does this decoder do?

Converts a Base64 string (standard or URL-safe) to the original UTF-8 text. Detects the variant and adds padding if needed.

Why does it say "Invalid character"?

The string has non-Base64 characters. The decoder strips whitespace automatically; if it still fails, double-check it really is Base64.

Does it work with binary files?

Built for text. For binary, use terminal utilities like base64 -d.

Is it private?

Yes — everything in your browser via atob. Nothing is sent to a server.