Skip to content
epitometool

Base32 encode / decode

Encoders & decoders

Encode and decode Base32 (RFC 4648) text with UTF-8 support and optional padding — the encoding behind TOTP secrets and DNS-safe identifiers.

Updated

Mode

Plain text

0 chars

Base32

0 chars

  • EnterCopy output
  • KClear input

Quick start

How to use the Base32 tool

Pick a direction, paste your data, copy the result — nothing leaves your browser.

  1. Step 1
    Encode or decode

    Toggle between Encode and Decode. Turn off = padding if your target system rejects it.

  2. Step 2
    Paste input

    Drop text or a Base32 string into the left pane. UTF-8 characters round-trip cleanly.

  3. Step 3
    Copy output

    Hit Copy or press ⌘/Ctrl+Enter. Use Swap to feed the output back as input.

In-depth guide

Base32 encoding, decoding, and when to reach for it

Base32 encodes arbitrary bytes using a 32-character alphabet (A–Z and 2–7), packing five bits into every output character. It is bulkier than Base64 but its case-insensitive, ambiguity-free alphabet makes it the right choice for anything a human has to read aloud or type by hand — TOTP secrets, DNS-friendly identifiers, and base32-encoded hashes. This tool encodes and decodes both directions in your browser with full UTF-8 support.

What Base32 actually does

Base32 reads the input five bytes (40 bits) at a time and splits them into eight 5-bit groups, mapping each group to one of 32 printable characters. When the final block is short, = padding fills it out to a multiple of eight characters.

The cost is size: output is about 60% larger than the input, versus 33% for Base64. The benefit is robustness — the alphabet omits 0/O and 1/l confusion and ignores case, so it survives transcription, phone dictation, and case-mangling middleware.

When to use Base32 over Base64

Reach for Base32 when a human or a case-insensitive system touches the encoded string:

  • TOTP / 2FA secrets — the otpauth:// standard mandates Base32.
  • DNS labels and case-insensitive identifiers — Base32 fits the limited charset.
  • Manually-entered keys — license codes, recovery keys, anything read off a screen.

Stick with Base64 when size matters and the channel is machine-to-machine — JSON payloads, data URIs, and email attachments are all better served by the denser encoding.

Step by step

  1. Choose Encode to turn text into Base32, or Decode to recover text.
  2. Paste your input into the left pane — UTF-8 text or a Base32 string.
  3. Toggle = padding off if your target rejects it (some TOTP secrets and URLs do).
  4. Copy the result with the Copy button or ⌘/Ctrl+Enter, or hit Swap to feed it back as input.

Common pitfalls

Base32 inflates data by ~60%. For large blobs where size matters and the channel is machine-only, prefer Base64.

A few things trip people up:

  • Confusing Base32 with Base32hex. This tool uses the standard RFC 4648 §6 alphabet (A–Z 2–7), not the extended-hex variant (0–9 A–V) used by some DNSSEC records.
  • Expecting it to be encryption. Base32 is fully reversible by anyone — never use it to hide secrets.
  • Case sensitivity. Decoding is case-insensitive, but some downstream parsers expect uppercase. This tool emits uppercase by default.

Privacy and how it runs

Everything happens locally. The codec is a few dozen lines of JavaScript running on the bytes of your input — there is no server round-trip, no logging, and no analytics on the content you paste. Because the work is client-side, you can use it on confidential recovery keys or 2FA secrets without that data ever leaving the tab. Close the tab and the input is gone.

Frequently asked questions

Does this Base32 tool send my data anywhere?

No. Encoding and decoding run entirely in your browser with a hand-written RFC 4648 codec — no upload, no API call. Open DevTools → Network and you will see zero requests fire while you type.

What is the difference between Base32 and Base64?

Both turn bytes into printable text, but Base32 uses a 32-symbol alphabet (A–Z, 2–7) and packs 5 bits per character, while Base64 uses 64 symbols and packs 6 bits. Base32 is ~60% larger than the input versus ~33% for Base64, but its alphabet is case-insensitive and avoids easily-confused characters, so it survives DNS labels, voice dictation, and manual transcription better.

Why is Base32 used for TOTP / 2FA secrets?

Authenticator apps display the shared secret as Base32 because the alphabet has no 0/O or 1/l ambiguity and is case-insensitive, so a human can type it from a screen without errors. The `otpauth://` URI scheme mandates Base32 for the secret parameter.

Is the padding (=) required?

RFC 4648 specifies `=` padding so the encoded length is always a multiple of 8 characters, but most decoders — including this one — accept input with the padding stripped. Toggle padding off if your target system rejects `=` (some URLs and TOTP secrets omit it).

Can I encode emoji and other non-Latin text?

Yes. The tool encodes the UTF-8 byte sequence, so emoji, CJK, and accented characters round-trip cleanly. Decoding uses a strict UTF-8 decoder, so malformed byte sequences are reported as an error rather than producing replacement characters silently.

Is Base32 encryption?

No. It is an encoding, not a cipher — anyone with the Base32 string can recover the original bytes instantly. Use it to transport data through text-only channels; for confidentiality, encrypt first and Base32-encode the ciphertext.

Keep exploring

More tools you'll like

Hand-picked utilities that pair well with the one you're on — all free, client-side, and zero-signup.

More encoders & decoders

See all →

Popular across EpitomeTool

Browse all →
Browse all 212+ free tools