About Base64 Decoding

Base64 encoding converts arbitrary binary data into a string of 64 printable ASCII characters, making it safe to transmit through systems that only handle text. Decoding reverses this process, converting the Base64 string back into the original binary data, which is then interpreted as UTF-8 text. It is defined in RFC 4648.

The RFC 4648 Alphabet

The standard Base64 alphabet uses 64 characters: uppercase A–Z, lowercase a–z, digits 0–9, plus + and /. The = character is used for padding to align output to groups of 4 characters. Every 4 Base64 characters decode back to 3 bytes of original data.

How Padding Works

Because 3 bytes map to 4 Base64 characters, inputs whose length is not a multiple of 3 require padding. One missing byte produces one padding character (=); two missing bytes produce two (==). This tool auto-corrects missing padding silently — a common occurrence with JWT payloads and URL-safe tokens.

Base64URL Mode (RFC 4648 §5)

Base64URL replaces + with - and / with _, and omits = padding. This variant is safe to embed directly in URLs and filenames without percent-encoding. Enable "Base64URL Mode" to decode tokens using this alphabet.

Common Use Cases

• HTTP Basic Authentication — the Authorization header encodes credentials as username:password in Base64
• JSON Web Tokens (JWT) — header and payload segments are Base64URL-encoded
• Data URIs — embedded images and files in HTML or CSS use Base64-encoded content
• Configuration values — binary configuration blobs encoded as Base64 strings in YAML or JSON
• OAuth tokens — URL-safe Base64 used in access tokens and authorization codes

UTF-8 Interpretation

After decoding the Base64 bytes, this tool interprets them as UTF-8 text using the browser's native TextDecoder API with fatal: false. When decoded bytes are not valid UTF-8 (such as raw binary data or non-UTF-8 encodings), replacement characters (�) are inserted and a warning is shown — rather than producing corrupted output silently.