Encode / Decode — Universal Encoding Converter
0 chars
0 chars
Encode / Decode is a universal encoding toolkit that handles the conversions developers, security researchers, and curious tinkerers run into every single day. Need to Base64-encode an API key for a config file? Done. Want to URL-encode query parameters so they don't break your links? Two clicks. Trying to figure out what's inside a JWT token someone sent you? Paste it in.
Beyond the basics, you get Hex, Binary, Unicode escapes, HTML entities, ROT13, Punycode, Ascii85, and even Morse Code. There's also a File-to-Base64 converter for embedding images or documents directly into code, and a hash generator that produces MD5, SHA-1, SHA-256, and SHA-512 digests. It's the kind of tool you open once and leave pinned in a browser tab.
Here's what matters most: nothing you type or upload ever leaves your browser. Every conversion, every hash, every decoded JWT runs locally in JavaScript. There is no server receiving your data. Period.
eyJ and click Decode. The header, payload, and signature appear separately.We built this tool with a simple rule: your data is yours alone. When you upload a file or paste a JWT token, the processing happens entirely inside your browser's JavaScript engine. No data gets sent to any server, no temporary copies exist in the cloud, and we don't log what you convert.
This matters especially for sensitive content like authentication tokens, API secrets, or private documents. You can verify this yourself by opening your browser's Network tab — you won't see any outbound requests carrying your data.
No, and this is a common misconception. Base64 is an encoding scheme — it transforms binary data into ASCII text so it can travel safely through systems that only handle text (like email or JSON). Anyone can decode Base64 instantly. It provides zero security. If you need to protect data, use actual encryption like AES, not encoding.
Encoding is reversible — you can decode Base64 back to the original text. Hashing is a one-way function. Once you generate a SHA-256 hash, there's no mathematical way to reconstruct the input from it. Hashes are used for verifying file integrity, storing passwords, and digital signatures. Encodings are used for data transport.
Embedding images directly in CSS or HTML as Data URIs eliminates extra HTTP requests, which can speed up page loads for small assets. It's also useful when an API expects file data as a Base64 string in a JSON payload rather than a multipart upload. Our tool gives you multiple output formats — raw Base64, Data URI, CSS background, and more — so you get exactly the snippet you need.
Browser memory is the practical limit. Files under 10MB convert instantly. Keep in mind that Base64 encoding expands data by roughly a third — a 5MB image becomes about 6.7MB of Base64 text. For most use cases (embedding images in HTML, passing files through APIs), this is fine. Very large files above 100MB might slow your browser down, but they'll still work on devices with enough memory.
Yes, paste the Base64 string and the tool reconstructs the original binary file as a download. This works for anything that was Base64-encoded — images, PDFs, documents, audio files. The output is an exact byte-for-byte copy of the original. It's useful for extracting embedded assets from source code, recovering files from API payloads, or debugging data that someone sent in encoded form.
Standard Base64 uses the characters + and /, which have special meaning in web addresses and can break URLs. Base64URL replaces them with - and _ instead, making the output safe for URLs, filenames, and query parameters without needing extra escaping. Most APIs that accept Base64 data in URL parameters or headers expect the URL-safe variant. If your encoded string will appear in a URL, always use Base64URL.
No. Hashing is a one-way function by design — there is no mathematical process to reverse a hash and recover the original input. That's exactly what makes hashes useful for password storage and file integrity verification. Even knowing the hash tells you nothing about what produced it. MD5 and SHA-1 are considered weak for security purposes today, but SHA-256 and SHA-512 remain cryptographically robust.
Dive deeper into encoding concepts or explore related tools: