Base32 Encoder and Decoder
Base32 represents binary data using 32 characters — the ten digits 2-7 and the 26 uppercase letters, with no 0/O or 1/I to avoid reading mistakes. That makes it ideal for anything a human has to type or read aloud: two-factor TOTP secrets, voucher codes, case-insensitive identifiers. This tool encodes binary or text to Base32 and decodes it back, following RFC 4648 with optional padding.
How to encode or decode Base32
-
1
Paste text or upload a file
Input is treated as bytes. UTF-8 is the default interpretation for text input.
-
2
Pick direction
Encode to turn raw bytes into a Base32 string; decode to recover the bytes.
-
3
Configure padding
RFC 4648 specifies `=` padding up to a length multiple of 8. Turn it off for TOTP secrets and compact tokens.
-
4
Copy the result
Encoded output is uppercase, padded or unpadded per your setting.
The RFC 4648 alphabet
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 2 3 4 5 6 7
No 0, no 1, no 8, no 9. Each character encodes 5 bits (2^5 = 32), so 5 input bytes become 8 output characters.
Worked example
Encoding the ASCII string foo (bytes 0x66 0x6F 0x6F = 01100110 01101111 01101111):
- Chunk into 5-bit groups:
01100 11001 10111 10110 1111(last group padded) - Map to alphabet:
MZXW6 - Add
===padding to reach 8 characters:MZXW6===
Padding and length rules
| Input bytes | Output length | Padding |
|---|---|---|
| 1 | 8 | ====== |
| 2 | 8 | ==== |
| 3 | 8 | === |
| 4 | 8 | = |
| 5 | 8 | (none) |
Variants beyond RFC 4648
- Base32 Hex — Alphabet
0-9A-V, used by NSEC3 in DNSSEC. - Crockford’s Base32 — Alphabet optimised for human typing; substitutes
O→0,I/L→1on decode. Used by ULIDs and some license keys.
This tool defaults to standard RFC 4648.
TOTP secrets
The otpauth:// URI format used by Google Authenticator and every modern 2FA app encodes the shared secret in Base32 without padding. When you scan a QR for “My Service”, the secret= parameter is a Base32 string. Decode it with this tool to inspect the raw bytes the HMAC uses.
Frequently Asked Questions
Base32 is case-insensitive and avoids look-alike characters, which matters for anything a human reads or types. Base64 is denser (fewer characters for the same bytes) but requires you to distinguish I from l and 0 from O, which fails in handwriting and small print.
RFC 4648 says yes, but most real-world consumers (TOTP apps, ULID libraries, DNSSEC resolvers) accept unpadded input. This tool lets you choose; paste in either form and decode should work.
Standard Base32 has no 0, 1, 8 or 9 and is always uppercase. If your input has those, it may be Crockford’s variant or base32hex, not RFC 4648. Clean the input or pick the correct variant.
No. Encoding and decoding happen in the browser. Neither the input nor the result leaves your machine.
Related Tools
AES Encrypt / Decrypt
Encrypt and decrypt low-risk text with AES OpenSSL ciphers. The passphrase is hashed with SHA-256 and the Base64 output is IV plus ciphertext.
A1Z26 Cipher Encoder
Encode text using the A1Z26 cipher (A=1, B=2, ... Z=26) or decode a number sequence back to letters, with customizable separator.
bcrypt Hash Generator
Generate bcrypt hashes or verify a plaintext password against an existing bcrypt hash. Side-by-side generate and verify in one tool.
Atbash Cipher Encoder
Encode or decode text with the Atbash cipher, a Hebrew substitution that maps A-Z to Z-A. Same operation encrypts and decrypts.
Base85 Encoder and Decoder
Encode and decode Base85 in Adobe Ascii85 (PostScript/PDF) or Z85 (ZeroMQ) variants. More compact than Base64 for binary data.
bcrypt Generator
Generate a bcrypt hash from a plaintext password. Adjustable cost factor from 4 to 14, compatible with Laravel, Django, Node and PHP.