Example
Input (encode mode)
Hello yutils 👋
Output
SGVsbG8geXV0aWxzIPCfkYs=
Note
UTF-8 based — multi-byte characters (Korean, emoji) round-trip safely. Output is ASCII, safe to embed in email, HTTP headers, JSON, etc.
Usage / FAQ
When to use
- Decode Base64 strings embedded in API responses into readable text
- Encode non-ASCII text safely into email or HTTP headers
- Generate Basic Auth `username:password` headers
- Handle multi-byte characters (Korean, emoji) safely via UTF-8
- Inspect the payload inside `data:` URI scheme images
FAQ
- Q.How is this different from native btoa/atob?
- A.JavaScript's btoa/atob only handle latin-1 — multi-byte (Korean, emoji) breaks. yutils uses TextEncoder/TextDecoder for safe UTF-8 round-trip.
- Q.Can I use this directly in URLs?
- A.Standard Base64 contains `+` `/` `=` which conflict with URL syntax. For URL safety use Base64URL (what JWT uses) or pair this with the URL Encode tool.
- Q.Is Base64 encryption?
- A.No — it's plain encoding, trivially reversible. For password/secret protection use SHA-256, bcrypt, or HMAC.
Fun facts
The `64` in Base64 is the size of the output alphabet. 6-bit integers (2⁶=64) align cleanly with bit shifts, making it the sweet spot. Had it been Base65, 6 bits would no longer suffice and every decoder on Earth would be significantly more complex.
RFC 4648Base64 encoding inflates data by about 33%. Three bytes (24 bits) become four characters (6 bits each). A 1 MB image inlined as Base64 weighs ~1.33 MB — which is why `data:` URI images get heavy fast.
Wikipedia — Base64Base64 first appeared in 1987's PEM (Privacy-Enhanced Mail, RFC 989). In the SMTP era, getting non-ASCII bytes (images, Korean text, …) through a 7-bit ASCII channel safely was the original mission — and that's still the job today.
RFC 989 (1987)
Related tools
- URL Encode / Decode
Percent-encode text for safe use in URLs, or decode percent-encoded URLs back to text. Runs entirely in your browser.
- UUID / ULID Generator
Generate UUID v4 (random), UUID v7 (time-ordered, RFC 9562), or ULID identifiers — all client-side via crypto.
- JWT Decoder
Decode the header and payload of a JSON Web Token. Signature is not verified (a public key is required). The token is processed entirely in your browser.
- JWT Encoder (HMAC)
Generate a signed JSON Web Token with HS256/HS384/HS512 (HMAC-SHA). Payload and secret stay in your browser — Web Crypto API based.
- SHA Hash
Compute SHA-1, SHA-256, SHA-384, or SHA-512 hash of text. Uses the browser's Web Crypto API; no data is sent to any server.
- Hex Encode / Decode
Encode text to hexadecimal or decode hex back to text. Supports UTF-8 multi-byte characters and tolerates whitespace.
- HTML Entity Encode / Decode
Encode HTML special characters (&, <, >, ", ') to entities, or decode named/numeric entities back to text.
- Password Generator
Generate cryptographically strong passwords, tokens, random strings, and passphrases with entropy display.
- Number Base Converter
Convert numbers between bases (binary/octal/decimal/hex/base36) using BigInt for large integers. Auto-detects 0b/0o/0x prefixes.
- URL Parser
Decompose a URL into protocol, host, path, query parameters, and hash — read-only inspection.
- HMAC Generator
Compute HMAC (Hash-based Message Authentication Code) with SHA-1/256/384/512 using the Web Crypto API.
- HMAC Verify
Verify whether a given HMAC signature matches the message + secret. Constant-time comparison via Web Crypto API.
- MD5 Hash
Compute MD5 hash for text. Note: MD5 is broken for security — checksums and legacy compatibility only.
- Punycode (IDN)
Convert international domain names to/from Punycode (xn-- encoded ASCII). Uses native URL parser.
- HTTP Status Codes
Browse and search HTTP status codes (1xx-5xx) with descriptions and common usage.
- User-Agent Parser
Parse User-Agent strings into browser, OS, device, and engine fields.
- Bcrypt Hash
Hash passwords with Bcrypt or verify a plaintext against an existing hash. Configurable salt rounds.
- Cookie Parser
Parse Cookie or Set-Cookie strings into a table. Decode percent-encoded values. Supports Set-Cookie attributes (Path/Domain/Max-Age/SameSite/HttpOnly/Secure).
- IP / CIDR Calculator
Compute network address, broadcast, host range, mask, and host count from an IPv4 + CIDR.
- cURL Builder
Build cURL commands from URL/method/headers/body. Auto-detects JSON content-type.