Encode / Decode Toolkit

Encode / Decode

Base64, URL encode, HTML entities, binary, hex, ASCII, Unicode escape, ROT13, Base32, and JWT decoder — all in one place.

Input

#base64#url encode#html entities#binary#hex#ascii#unicode#rot13#base32#jwt

What's included in Encode / Decode Toolkit

10 tools, all free and client-side — no login or data upload required.

Base64 Encode / Decode

Encode plain text or binary data to Base64, or decode Base64 strings back to readable text — supports file encoding too.

Embed images as data URIs in HTML/CSS
Encode API credentials for HTTP Basic Auth
Decode Base64 payloads from API responses or emails

URL Encode / Decode

Percent-encode special characters in URLs for safe transmission, or decode URL-encoded query strings.

Encode query parameters with special characters
Decode URL-encoded form submissions
Debug percent-encoded URLs from server logs

HTML Entities

Convert characters like <, >, &, and " to HTML entities and vice versa for safe HTML embedding.

Safely embed user-generated content in HTML
Decode HTML entities from scraped web content
Prevent XSS by encoding special characters

Binary Converter

Convert any text string to its binary (0s and 1s) representation and decode binary back to text.

Visualize text as binary for educational purposes
Debug binary data protocols
Generate binary strings for computer science assignments

Hex Converter

Encode text as hexadecimal bytes and decode hex strings back to readable characters.

Inspect hex-encoded database values
Convert hex color codes to text
Debug hex-encoded network payloads

ASCII Converter

Convert text to ASCII decimal codes and decode ASCII code sequences back to their character equivalents.

Look up ASCII values for special characters
Debug character encoding issues
Generate ASCII art character mappings

Unicode Escape

Escape Unicode characters to \uXXXX sequences for use in JSON, JavaScript, and Java source code.

Safely include emoji and special chars in JSON
Escape Unicode for Java .properties files
Debug Unicode encoding in internationalized apps

ROT13 Cipher

Apply the ROT13 substitution cipher to text — useful for hiding spoilers and obfuscating content.

Hide spoilers in forum posts and emails
Encode answers in puzzle or quiz content
Apply basic obfuscation for non-sensitive text

Base32 Encode / Decode

Encode and decode data using the Base32 alphabet (RFC 4648) — used in TOTP, OTP, and some file formats.

Generate TOTP secret keys for two-factor authentication
Encode binary data for case-insensitive systems
Debug Base32-encoded tokens from authentication libraries

JWT Decoder

Decode any JSON Web Token and inspect its header algorithm, payload claims, and expiration without a secret key.

Inspect JWT claims during API debugging
Check token expiration without parsing code
Audit user roles and permissions encoded in JWTs

About Encode / Decode Toolkit

The Encode / Decode Toolkit covers every common encoding developers encounter — Base64 for data URIs and HTTP Basic auth, URL percent-encoding for query strings, HTML entity escaping for safe embedding, and binary, hex, and ASCII for low-level debugging. Each tool encodes in one direction and decodes in the other, with input validation and live output.

The JWT Decoder inspects JSON Web Tokens without requiring a signing key, revealing the header algorithm, payload claims, and expiration time — exactly what you need when debugging an expired session or auditing user roles in production tokens. The Base32 encoder supports the RFC 4648 alphabet used by TOTP secrets and OTP libraries, and ROT13 provides quick obfuscation for spoiler text and puzzles.

All encoding and decoding happens in your browser. JWTs, auth credentials, and binary payloads never leave your device, which makes the toolkit safe for debugging sensitive tokens from production systems without an air-gapped environment.

How to use Encode / Decode Toolkit

1
Choose your encoding
Select a tab: Base64, URL, HTML, Binary, Hex, ASCII, Unicode, ROT13, Base32, or JWT. Each tab has its own input, output, and encode/decode toggle.
2
Paste input
Drop raw text or encoded data into the input field. For JWT, paste the entire token with its dots; for Base64 and Base32, paste either the encoded string or the plain text you want to encode.
3
Switch direction
Use the encode / decode toggle to reverse direction. Most tools detect the direction automatically if you paste unmistakably encoded input.
4
Copy the result
Copy the output with one click. All processing is in-browser, so nothing is persisted across reloads.

Frequently asked questions

Is Base64 encoding secure enough for passwords or secrets?

No. Base64 is an encoding, not encryption. Anyone can decode it instantly. Use Base64 for data transport (e.g. in URLs, HTTP headers, or embedded images), never as a way to protect credentials. For secrets, use the AES tool in the Security Toolkit.

Can the JWT Decoder verify token signatures?

The decoder parses and displays the header and payload of any JWT without requiring a secret, which is ideal for inspecting expired, third-party, or debug tokens. For signature verification against a key, use the JWT Builder in the Security Toolkit.

What's the difference between URL encoding and HTML entities?

URL encoding replaces unsafe characters with %XX sequences so they can appear in query strings and paths (e.g. space → %20). HTML entities replace characters like < and & with named or numeric entities (<, &) so they render as literal text inside HTML markup.

Why would I use Base32 instead of Base64?

Base32 uses a 32-character alphabet that is case-insensitive and contains no symbols, which makes it suitable for systems where case is lost (filenames on some OSes) or where humans need to type encoded values. TOTP two-factor secrets are distributed in Base32 for this reason.

Does Unicode Escape handle surrogate pairs for emoji?

Yes. Characters outside the Basic Multilingual Plane (like emoji) are escaped as UTF-16 surrogate pairs (\uD83D\uDE00 for ) which are valid in JSON, JavaScript, and Java source.

Is ROT13 used anywhere in production?

Rarely. ROT13 is a Caesar cipher meant for hiding spoilers and casual obfuscation, not for security. Use it to hide the punchline of a joke, an answer to a puzzle, or a minor spoiler — never to protect real data.