ToolJutsu
All tools
Developer Tools

Base64 Decoder

Decode Base64 strings back to UTF-8 text in your browser.

Paste a Base64 string below to decode it back to UTF-8 text. For the reverse direction, encoding files, or round-tripping binary, use the full Base64 Encoder & Decoder.

Whitespace and line breaks are ignored. The decoder is UTF-8-safe.

0 characters decoded
Processed on your device. We never see your files.

How to use Base64 Decoder

What is Base64?

Base64 is an encoding that maps any sequence of bytes onto 64 printable ASCII characters — the letters AZ and az, the digits 09, and the symbols + and /, plus = as padding. It was standardised in the 1980s to let binary data travel safely through systems that were designed only to handle text. Every three bytes of input become four Base64 characters, which is why Base64-encoded data is always about 33% larger than the binary it represents.

Why decode Base64?

You see Base64 in three places more than anywhere else:

  • Email attachments and certificates. PEM-format TLS certificates, SSH keys and the multipart sections of an email are all wrapped in Base64. When something looks like a wall of gibberish letters with the occasional = at the end, decoding it usually reveals the real payload — text, a binary file header, or another encoded layer.
  • API payloads. Many APIs return binary blobs (uploaded files, generated PDFs, signed responses) wrapped in Base64 inside a JSON string. The JSON itself is human-readable, but the interesting bit is one decode step away.
  • JWTs and HTTP headers. JSON Web Tokens consist of three Base64-encoded segments separated by dots — header, payload, signature. Pasting just the middle segment into this decoder is the fastest way to inspect a token’s claims. HTTP Basic auth headers also pass username:password as Base64; decoding a captured header reveals what the client sent.

In every case the work is the same: paste, click, read.

How to decode Base64 on ToolJutsu

  1. Paste your Base64 string into the input box. Whitespace and line breaks are fine — the decoder strips them before doing anything.
  2. Click Load sample if you want to see what a successful decode looks like.
  3. Read the result in the Decoded text box. As soon as the input is valid, the output updates live — there is no Convert button to click.
  4. Click the Copy button to put the decoded text on your clipboard.
  5. If the input is not valid Base64, you’ll see a friendly error telling you exactly what went wrong (most often a missing = padding character or a stray non-Base64 symbol).

Common decoding scenarios

When you need file content, not text, the full Base64 Encoder & Decoder tool offers a “decode to file” mode that builds a downloadable blob from the bytes. Use that for anything that decodes to a PNG, a PDF or any other binary payload — this landing is optimised for the single most-asked task, which is “I have a Base64 string and I want to see what it says.”

When you decode a JWT, paste only the middle segment (between the two dots). The first segment is the header (also Base64-encoded JSON), the third is the cryptographic signature (binary, not text). The sibling JWT Decoder splits all three for you and pretty-prints the JSON.

When the input is URL-safe Base64 (which substitutes - for + and _ for /, and may drop padding), this decoder rejects it. Run the input through Find & Replace first to swap the characters back, then come here.

Privacy

The decoder reads your input from the textarea, runs the browser’s built-in atob to turn each four-character group back into three bytes, then hands the bytes to a TextDecoder set to UTF-8. All three steps run synchronously in JavaScript on your device. The page makes no network requests after the initial JavaScript loads, so neither ToolJutsu nor anyone else sees your input — including the contents of any tokens, certificates or API responses you paste in.

Compatibility notes

Modern browsers ship atob and TextDecoder natively, so the decoder works in Chrome 38+, Firefox 19+, Safari 10+, Edge, and every mobile browser of the last decade. No polyfills, no fallbacks. If you need to decode programmatically rather than through a web page, the same one-line atob + TextDecoder('utf-8') recipe works in every JavaScript environment.

Frequently asked questions

What kind of strings can I decode?
Anything that's valid standard Base64. The decoder accepts the full standard alphabet (A–Z, a–z, 0–9, +, /) plus the = padding character, and silently ignores whitespace and line breaks (so multi-line Base64 from emails, PEM-style certificate dumps and YAML strings all paste in cleanly). Output is decoded as UTF-8 text — the most common encoding for text-based payloads on the web.
Why does the decoder say my input is invalid?
Two reasons usually. Either the string contains stray characters that are not in the Base64 alphabet (a hyphen, an underscore, a smart quote, a stray emoji), or it is missing or has the wrong number of = padding characters at the end — valid Base64 has a length that is a multiple of four. If you have URL-safe Base64 (which uses - and _ instead of + and /), you'll need to convert it to standard Base64 first; the ToolJutsu Find & Replace tool handles that in one pass.
Can this decode files and binary data, not just text?
This dedicated landing is text-only by design — paste a Base64 string, get UTF-8 text back. For round-tripping binary data (decoding to a file, encoding a file to Base64, working with images-as-data-URIs) use the full Base64 Encoder & Decoder, which has a file-input mode and produces a downloadable file. The math is the same — this landing is the streamlined option for the most common task.
Is Base64 a form of encryption?
No, and it never was. Base64 is an encoding — a deterministic, reversible way to represent arbitrary bytes using only 64 printable ASCII characters. Anyone who sees the encoded text can decode it instantly with this tool or one line of code in any language. Base64 exists to safely transport binary data through systems that only expect text (email headers, JSON, URLs, HTTP basic auth, JWT payloads) — not to keep anything secret. If you need confidentiality, use real cryptography.
Does my input get sent to a server?
No. The whole decode happens in JavaScript on your device using the standard atob API plus a UTF-8 text decoder. The page loads its small JavaScript bundle once and caches it; after that there are no network requests, including no analytics on your input. You can confirm by opening your browser's Network tab before pasting, or by turning off Wi-Fi after the page loads — the decoder keeps working.

Related tools

Base64 Encoder & Decoder

Encode and decode Base64, with full UTF-8 support.

URL Decoder

Decode percent-encoded URLs and query strings.

HTML Decoder

Decode HTML entities back to plain text.

JWT Decoder

Decode and inspect JSON Web Token headers and payloads.

JSON Formatter

Format, validate, and minify JSON instantly.

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes.