Base64-Decoder
Dekodieren Sie Base64-Daten in lesbaren Text mit sicherer UTF-8-Behandlung
What is Base64 Decoding?
Base64 decoding reverses the encoding process: it takes a Base64 string and reconstructs the original binary data. This is essential when you receive encoded data from APIs, inspect JWT tokens, debug email attachments, or extract embedded resources from Data URIs. The decoder reads groups of 4 characters, maps each back to a 6-bit value, reassembles 24-bit blocks, and strips any padding to produce the exact original byte sequence.
How Base64 Decoding Works Internally
The decoder performs the inverse of encoding: each Base64 character maps to a 6-bit integer via a lookup table. Four characters produce three bytes (24 bits). When the input ends with "=" padding, the decoder knows to discard the extra zero bits that were added during encoding. For example, "SGk=" decodes to "Hi" — the single padding character indicates only 2 original bytes exist in the final block.
A robust decoder must handle several edge cases: whitespace characters (newlines, spaces) that MIME-encoded data often includes, missing padding in implementations that omit it, and invalid characters that signal corrupted input. This tool handles all these gracefully, stripping whitespace before processing and reporting clear errors for genuinely invalid input.
Debugging and Inspection Workflows
Base64 decoding is one of the most frequent operations in API debugging. When you inspect a JWT token, the header and payload segments are Base64URL-encoded JSON. Decoding them reveals the claims, algorithm, and expiration without needing any secret key. Similarly, OAuth access tokens from some providers contain Base64-encoded metadata that reveals token type, scope, and issuer.
- API response inspection: Many APIs return binary payloads (images, PDFs, protobuf) as Base64 strings in JSON. Decoding lets you verify the content matches expectations.
- Email forensics: MIME attachments are Base64-encoded. Decoding the raw email source reveals the actual file content for analysis.
- Cookie analysis: Session cookies often Base64-encode serialized objects. Decoding reveals the session structure without needing the server-side key.
- Webhook payload inspection: Services like GitHub, Stripe, and AWS SNS sometimes Base64-encode nested payloads within JSON notifications.
Error Detection and Input Validation
Unlike encoding (which always succeeds for any input), decoding can fail. Common failure modes include:
- Invalid characters: Characters outside the Base64 alphabet (e.g., Unicode, special symbols) indicate the input is not actually Base64-encoded.
- Incorrect length: Valid Base64 has a length that is a multiple of 4 (after stripping whitespace). Lengths like 5, 6, or 7 characters suggest truncation or corruption.
- Double-encoding: A common bug where data gets encoded twice. The decoded output looks like another Base64 string — if you see "SGVs..." after decoding, try decoding again.
- Wrong variant: Trying to decode Base64URL with a standard decoder (or vice versa) produces garbage. The "+" vs "-" and "/" vs "_" mismatch corrupts the output silently.
This tool provides clear error messages indicating exactly what went wrong: invalid character position, length issues, or encoding format mismatches. It also automatically detects and handles Base64URL input.
UTF-8 Reconstruction After Decoding
When the original data was UTF-8 text (the most common case in web development), the decoded bytes
must be interpreted as UTF-8 to reconstruct the original string. Simply calling atob()
in JavaScript returns a Latin-1 string, which mangles any multi-byte characters. The correct approach
is to convert the decoded bytes through TextDecoder with explicit UTF-8 encoding.
This tool automatically applies UTF-8 interpretation after decoding, correctly handling text in any language including Chinese, Arabic, emoji sequences, and combined diacritics. If the decoded data is not valid UTF-8 (i.e., it is genuinely binary data like an image), the tool indicates this and shows a hex dump of the first bytes.
Code Examples
Decoding Base64 to UTF-8 text in JavaScript
// Safe Base64 → UTF-8 decoding (handles any character)
function decodeBase64(base64) {
const binString = atob(base64);
const bytes = Uint8Array.from(binString, c => c.codePointAt(0));
return new TextDecoder().decode(bytes);
}
console.log(decodeBase64('SGVsbG8sIOS4lueVjCEg8J+MjQ=='));Output:
Hello, 世界! 🌍Detecting double-encoded Base64
function isLikelyBase64(str) {
return /^[A-Za-z0-9+/]+=*$/.test(str) && str.length % 4 === 0;
}
const decoded = decodeBase64(input);
if (isLikelyBase64(decoded)) {
console.warn('Input appears to be double-encoded — decode again');
const final = decodeBase64(decoded);
}Standards & Specifications
- RFC 4648 — Defines the Base64 decoding algorithm, padding interpretation, and error conditions
- WHATWG Encoding Standard — Specifies the TextDecoder API used to interpret decoded bytes as UTF-8 text
Häufig Gestellte Fragen
What is Base64 decoding?
Base64 decoding converts Base64-encoded text back to its original format. This reverses the encoding process, transforming the ASCII-safe representation back into the original binary data or text.
How do I know if text is Base64 encoded?
Base64 encoded text only contains letters (A-Z, a-z), numbers (0-9), plus signs (+), forward slashes (/), and equals signs (=) for padding. If you see other characters, it's likely not Base64 encoded.
What happens if I try to decode invalid Base64?
If the input isn't valid Base64, the tool will display an error message explaining the problem. Common issues include invalid characters, incorrect padding, or corrupted data.
Is my data sent to a server?
No, all Base64 decoding happens in your browser. Your data never leaves your device. This ensures complete privacy and security for sensitive information.