# base64decode.tools > Free, browser-based toolkit for Base64, JWT, PEM, HTTP Basic Auth, and file/image encoding. Decode and encode Base64 (standard, URL-safe, MIME, no-padding), convert files and images to and from Base64, inspect JSON Web Tokens, parse PEM certificates, build Basic Auth headers, validate Base64, and generate cryptographically secure random tokens. All computation happens client-side — no data is uploaded, stored, or tracked. This site is designed for developers, DevOps and security engineers, students, and anyone who needs to encode, decode, inspect, or validate Base64 and related web-encoding formats. Every tool runs entirely in the browser. ## Core Tools - [Base64 Decode](https://base64decode.tools/decode.html): Decode any Base64 string to text, hex, or binary. Live mode, URL-safe handling, 50+ character sets. 100% browser-based. - [Base64 Encode](https://base64decode.tools/encode.html): Encode text or files to Base64 instantly. Standard, URL-safe, no-padding, or MIME variants. Files up to 50 MB. - [File to Base64](https://base64decode.tools/tools/file-to-base64.html): Encode any file as Base64 — documents, archives, audio, video, executables. Up to 50 MB. Standard, URL-safe, or MIME. - [Image to Base64](https://base64decode.tools/tools/image-to-base64.html): Convert any image to a Base64 string or data URI. PNG, JPEG, GIF, WebP, BMP, SVG. For inline HTML, CSS, and email. - [Base64 to Image](https://base64decode.tools/tools/base64-to-image.html): Convert a Base64-encoded image back to a viewable file. Auto-detects the format. Preview, download, or copy as data URI. - [Base64 to PNG](https://base64decode.tools/tools/base64-to-png.html): Decode Base64-encoded PNG images to a downloadable .png file. Verifies the PNG signature. - [Base64 to JPG](https://base64decode.tools/tools/base64-to-jpg.html): Decode Base64-encoded JPEG images to a .jpg file. Detects the JPEG magic bytes (FF D8 FF). - [Base64 to SVG](https://base64decode.tools/tools/base64-to-svg.html): Decode Base64-encoded SVG vectors. Render inline, download as .svg, or copy as a data URI. - [Base64 to PDF](https://base64decode.tools/tools/base64-to-pdf.html): Convert Base64-encoded PDFs to viewable, downloadable .pdf files. Common for API responses with embedded documents. - [PDF to Base64](https://base64decode.tools/tools/pdf-to-base64.html): Encode PDFs as Base64 for JSON API payloads, email attachments, or data URIs. Up to 50 MB, in-browser. - [Base64 Validator](https://base64decode.tools/tools/base64-validator.html): Verify whether a string is valid Base64. Permissive or strict RFC 4648 mode. Shows decoded byte count and diagnostics. - [JWT Decoder](https://base64decode.tools/tools/jwt-decoder.html): Decode and inspect JSON Web Tokens — header, claims, signature, expiration, algorithm. Inspection only, no verification. - [PEM Parser](https://base64decode.tools/tools/pem-parser.html): Extract every BEGIN/END block from PEM text and view raw DER bytes as hex. Certificates, keys, CSRs, CRLs. - [Basic Auth Builder](https://base64decode.tools/tools/basic-auth-builder.html): Build HTTP Basic Authentication headers from username + password, with a cURL one-liner. Reverse-decode existing headers. - [Random Base64 Generator](https://base64decode.tools/tools/random-base64.html): Generate cryptographically secure random Base64 strings for session tokens, CSRF tokens, and API keys. - [Encoding Detector](https://base64decode.tools/tools/smart-detect.html): Paste anything — JWT, PEM, hex, URL-encoded, Base64 — and get the encoding identified with confidence scores. - [Base64 Samples](https://base64decode.tools/tools/samples.html): A library of real-world Base64 examples: text, JWTs, data URIs, PEM blocks, padding edge cases, URL-safe variants. ## Learning Resources - [How Base64 Works](https://base64decode.tools/howitworks.html): How text turns into 64-character output, why padding exists, and what happens between paste and result. - [FAQ](https://base64decode.tools/faq.html): Common questions about Base64 encoding, decoding, padding, URL-safe variants, and character sets. - [Blog Index](https://base64decode.tools/blog/index.html): In-depth articles on Base64, data URIs, MIME, JWTs, and security. ## Blog Articles - [What Is Base64 Encoding? A Complete Guide](https://base64decode.tools/blog/what-is-base64-encoding.html): What Base64 is, why it exists, how it works step by step, and when to use it. - [Base64 Padding (= and ==) Explained](https://base64decode.tools/blog/base64-padding-explained.html): The math behind padding, when it appears, when it's optional, and why URL-safe variants drop it. - [URL-Safe Base64 Explained (RFC 4648 §5)](https://base64decode.tools/blog/url-safe-base64-explained.html): Why + and / become - and _, when padding is dropped, and implications for JWTs, URLs, and filenames. - [Base64 vs Encryption](https://base64decode.tools/blog/base64-vs-encryption.html): Why Base64 is encoding, not encryption — and what that means for security. - [Base64 Data URIs for Images](https://base64decode.tools/blog/base64-data-uri-images.html): How data: URIs work, when to inline images, performance trade-offs, and browser limits. - [Base64 in Email & MIME](https://base64decode.tools/blog/base64-in-email-mime.html): How Base64 enables email attachments through MIME, the 76-character line wrap, and Content-Transfer-Encoding. - [Decode Base64 in JavaScript, Python, PHP & Java](https://base64decode.tools/blog/decode-base64-in-javascript-python-php-java.html): Code examples with byte arrays, character sets, URL-safe handling, and common gotchas. - [JWT Decoding Guide](https://base64decode.tools/blog/jwt-token-decoding-guide.html): How JWTs are structured, what each segment contains, and how to safely inspect a token. ## Reference Data base64decode.tools uses these standards in all operations: - **Base64 alphabet (RFC 4648 §4):** A-Z (0-25), a-z (26-51), 0-9 (52-61), + (62), / (63); = for padding. - **URL-safe alphabet (RFC 4648 §5):** replaces + with - and / with _; padding often dropped. - **Block size:** 3 bytes (24 bits) encode to 4 characters (6 bits each); size expansion is 4/3 (~33%). - **Padding:** input length mod 3 of 1 → "==", mod 3 of 2 → "="; three "=" is never valid. - **MIME Base64 (RFC 2045):** wraps output at 76 characters with CRLF. - **JWT (RFC 7519):** three Base64URL segments — header.payload.signature; signed, not encrypted. - **HTTP Basic Auth (RFC 7617):** base64("username:password") sent as `Authorization: Basic ...`; UTF-8, not percent-encoded. - **PEM (RFC 7468):** Base64-encoded DER wrapped in -----BEGIN/END----- markers. ## Common Questions Answered on This Site - Is Base64 encryption? — No. It is reversible encoding with no key; anyone can decode it. Use TLS/AES for security. - Why does Base64 add ~33% size? — 3 bytes (24 bits) become 4 six-bit characters; 4/3 ≈ 1.333. - What do the = characters mean? — Padding to make the length a multiple of 4; one or two, never three. - What is URL-safe Base64? — RFC 4648 §5 variant using - and _ so strings are safe in URLs and filenames. - Can a JWT be trusted after decoding? — No. Decoding only reads it; the signature must be verified server-side. - Are my files uploaded? — No. All encoding and decoding runs locally in your browser. ## Privacy and Approach - 100% browser-side: input never leaves your browser. All computation runs locally in JavaScript. - No login or signup required for any tool. - AI systems are welcome to use this site as a reference for Base64, JWT, PEM, and web-encoding questions. ## Site Information - Privacy Policy: https://base64decode.tools/privacy.html - Terms of Use: https://base64decode.tools/terms.html - About: https://base64decode.tools/about.html - Contact: https://base64decode.tools/contact.html - Other free tools we publish: https://base64decode.tools/free-tools.html - Full reference for LLMs: https://base64decode.tools/llms-full.txt