RevealTheme logo

Base32 Encoder & Decoder

Convert text to Base32 and back using the standard RFC 4648 alphabet (A-Z, 2-7) with '=' padding. Everything runs in your browser.

How to use this tool

  1. 1

    Choose 'Encode' to turn text into Base32, or 'Decode' to turn Base32 back into text, using the mode dropdown.

  2. 2

    Type or paste your input into the text box — UTF-8 text when encoding, or a Base32 string when decoding.

  3. 3

    Read the result in the gray output panel below; it updates instantly as you type, with no button to press.

  4. 4

    Select and copy the output text to use it elsewhere.

What is Base32 encoding?

Base32 is a binary-to-text encoding defined in RFC 4648 that represents data using 32 printable characters: the uppercase letters A-Z and the digits 2-7. It works by reading the input as a stream of bits and slicing it into 5-bit groups (2^5 = 32), mapping each group to one alphabet character. Because the input is grouped in 40-bit blocks (the least common multiple of 5 and 8), the output is padded with '=' characters until its length is a multiple of 8. This tool encodes the UTF-8 bytes of whatever text you type, so multi-byte characters like emoji or accented letters expand into several bytes before encoding. The trade-off versus Base64 is size: Base32 needs 8 characters per 5 bytes (about 60% overhead) rather than 4 characters per 3 bytes. In return it omits the easily-confused characters 0, 1, 8, and 9 and is case-insensitive, which makes it well suited to values people read aloud, type by hand, or embed in case-folding systems like DNS. Note this tool uses the standard alphabet, not the base32hex or Crockford variants, which order their characters differently and will not interoperate.

Common use cases

  • Inspecting a TOTP/2FA setup string by decoding the Base32 secret an authenticator app expects.

  • Encoding a short identifier into a case-insensitive form safe to drop into a DNS label or subdomain.

  • Hand-checking the output of a server library against a known-good Base32 implementation while debugging.

  • Producing tokens or codes meant to be read aloud or typed without confusing 0/O or 1/I/l.

  • Decoding a Base32 string copied from a config file or QR-code payload to see the underlying text.

  • Teaching or learning how bit-level encodings group data, by watching how input maps to 5-bit chunks.

Frequently asked questions

Why use Base32 instead of Base64?
Base32 is less compact — 8 characters per 5 bytes versus Base64's 4 characters per 3 bytes — but it is case-insensitive and drops visually ambiguous characters like 0, 1, 8 and 9. That makes it easier for people to transcribe by hand or read aloud, and safe for case-insensitive systems such as DNS.
Which Base32 variant does this tool use?
It uses the standard RFC 4648 alphabet: A-Z followed by 2-7, with '=' as the padding character. It does not implement the base32hex or Crockford Base32 variants, which use different character orderings and are not compatible.
Can I encode files or raw binary data?
No. This tool works on text only. When encoding it converts your text to UTF-8 bytes first; when decoding it interprets the resulting bytes back as UTF-8 text. It does not accept file uploads or hex input.
Why does decoding sometimes produce odd or replacement characters?
Decoding is lenient: it uppercases input, strips '=' padding, and skips any character not in the A-Z2-7 alphabet (including spaces and line breaks). If the bytes it recovers are not valid UTF-8 — for example because the original data was raw binary, not text — the browser's decoder may show replacement characters.
Can I decode a TOTP secret to see the raw key?
Only partially. Authenticator secrets are random binary keys shown in Base32. This tool will decode the Base32, but it then renders the bytes as UTF-8 text, so a binary key will usually appear as garbled or replacement characters rather than a clean value. It is useful for checking the Base32 itself, not for extracting the raw key bytes.
Is my data sent to a server?
No. All encoding and decoding happens locally in your browser using JavaScript. Nothing you type is uploaded, logged, or stored.

Related tools