Base32 Encoder / Decoder

Variant:

Auto-convert

Input Text

Drop file here

Chars: 0 | Bytes: 0

Encoded Output

Chars: 0 | Overhead: 0%

Line Wrap (chars, 0=none)

Input Encoding (for encode)

Output Format (for decode)

Download Format

Include Padding (=)

Uppercase Output

Strip Whitespace from Input

Process Line by Line

URL-Safe (no padding)

Crockford Checksum

Current Variant Alphabet

Base32 Encoding Process

Input bytes	Groups of 5	Output chars	Padding
1 byte (8 bits)	1 group of 5 + 3 leftover	2 chars	6 padding (======)
2 bytes (16 bits)	3 groups of 5 + 1 leftover	4 chars	4 padding (====)
3 bytes (24 bits)	4 groups of 5 + 4 leftover	5 chars	3 padding (===)
4 bytes (32 bits)	6 groups of 5 + 2 leftover	7 chars	1 padding (=)
5 bytes (40 bits)	8 groups of 5 + 0 leftover	8 chars	None

Variant Comparison

Variant	Alphabet	Padding	Case Sensitive	Use Case
RFC 4648	A-Z 2-7	= (required)	No	TOTP, Geohash, general
Base32 Hex	0-9 A-V	= (required)	No	Sort-preserving encoding
Crockford	0-9 A-Z (excl.ILOU)	None	No (normalize)	Human-readable IDs
z-base-32	ybndrfg8ejkmcpqx...	None	Yes	Human speech, IRC

Quick Samples

Why Use Our Base32 Encoder / Decoder?

4 Variants

RFC 4648, Hex, Crockford, z-base-32

Validation

Real-time char analysis

File Mode

Encode any file type

Batch

Multi-string processing

Private

100% browser-based

Visualizer

Step-by-step encoding

The Complete Guide to Base32 Encoding and Decoding: Understanding RFC 4648 and Its Variants

In the world of data encoding, Base32 occupies a unique and valuable niche between the compact efficiency of Base64 and the human-readable clarity of hexadecimal encoding. While Base64 is the go-to choice for embedding binary data in text-based formats like email and JSON, Base32 solves a different problem: representing binary data using only a limited set of characters that can be safely typed, spoken aloud, transmitted over case-insensitive channels, and verified by human eyes without confusion between visually similar characters. Our free Base32 encoder decoder online supports all four major Base32 variants—RFC 4648 Standard, Base32 Hex, Crockford Base32, and z-base-32—along with advanced features including file encoding, batch processing, real-time validation, and a step-by-step visual encoding breakdown, all running privately in your browser without any data leaving your device.

Base32 encoding was standardized in RFC 4648 (2006), which defines both Base32 and Base32 Hex as well as the more familiar Base64 and Base16 (hexadecimal) encodings. The fundamental principle of Base32 is simple: take any sequence of bytes and represent it using only 32 specific characters—in the RFC 4648 standard, these are the uppercase letters A through Z and the digits 2 through 7. By using only 32 distinct symbols, every encoded character conveys exactly 5 bits of information (since 2^5 = 32), compared to 6 bits per character in Base64. This lower information density means Base32 output is about 60% larger than Base64 and about 2.6× larger than the original binary data (specifically, every 5 bytes of input becomes 8 characters of Base32 output), but this trade-off is entirely worthwhile in contexts where human-readability and case-insensitivity are paramount concerns.

How Base32 Encoding Works: The Step-by-Step Mechanism

Understanding the mechanics of Base32 encoding helps appreciate both its design goals and its practical limitations. The encoding process begins by taking the input bytes and concatenating them into a single bitstream. This bitstream is then divided into groups of 5 bits. Each 5-bit group has a value from 0 to 31, which maps directly to one character in the Base32 alphabet—for RFC 4648, value 0 maps to 'A', value 1 to 'B', and so on through value 25 which maps to 'Z', then value 26 maps to '2', through value 31 which maps to '7'. Since 5 does not divide evenly into 8 (the number of bits per byte), the encoding works on groups of 5 bytes at a time (40 bits, which divides cleanly into 8 five-bit groups, producing 8 output characters). When the input length is not a multiple of 5 bytes, padding characters (=) are added to round up to a full 8-character block.

The padding rules are precisely defined: 1 byte of input (8 bits, 2 groups of 5 leaving 3 unused bits) produces 2 Base32 characters plus 6 padding characters (======). 2 bytes (16 bits, 4 groups leaving 4 unused) produce 4 characters plus 4 padding (====). 3 bytes (24 bits, 5 groups leaving 1 unused) produce 5 characters plus 3 padding (===). 4 bytes (32 bits, 7 groups leaving 2 unused) produce 7 characters plus 1 padding (=). Only 5 bytes produces 8 characters with no padding needed. Our visual encoding tab makes this process completely transparent by showing the exact bit groupings, their decimal values, and the resulting characters for any input you provide.

The Four Base32 Variants: When to Use Each

The RFC 4648 Standard Base32 is the most widely deployed variant and should be your default choice unless you have a specific reason to use another. It uses uppercase A-Z and digits 2-7 (deliberately omitting 0 and 1 which could be confused with O and I). This variant is used in TOTP (Time-based One-Time Password) authentication systems like Google Authenticator, where the secret key is stored and shared as a Base32 string. It's also used in geohash encoding, Onion Service addresses in the Tor network, file systems that need case-insensitive encoding, and many other applications where a clean, widely supported encoding is needed.

Base32 Hex (also called Base32Extended Hex or base32hex) uses the alphabet 0-9 followed by A-V. The key advantage of this variant is that it is sort-order preserving: if you have a set of Base32 Hex encoded strings, sorting them lexicographically produces the same order as sorting the original binary values numerically. This property is invaluable for applications where encoded data needs to be stored in databases or file systems with sorted access, such as distributed key-value stores, time-series databases, or any system where range queries on encoded keys are needed. Our Base32 encoding tool online supports this variant with the same full feature set as the standard variant.

Crockford Base32 was designed by Douglas Crockford specifically for human-readable identifiers. It uses the digits 0-9 and letters A-Z, but excludes the letters I, L, O, and U to avoid visual ambiguity (I and 1 look similar, L and 1 look similar, O and 0 look similar, and U could be confused with V). The encoding is case-insensitive for decoding, and the decoder additionally treats the letters I and L as the digit 1, and O as the digit 0, providing robustness against common transcription errors. An optional checksum character can be appended using one of 37 symbols (0-9 A-Z with *, ~, $, =, and U) providing error detection. Crockford Base32 is an excellent choice for generating human-readable IDs, short codes, and identifiers that users need to read, write, or speak aloud.

z-base-32 is a human-oriented encoding designed by Zooko Wilcox-O'Hearn for use in environments where data must be spoken, written by hand, or transmitted orally. Its alphabet is ybndrfg8ejkmcpqxot1uwisza345h769, carefully ordered to prioritize the most easily distinguishable characters and place commonly confused characters (like 'i' and '1') far apart. z-base-32 is case-sensitive and does not use padding, making it more compact than the padded variants. It's used in some peer-to-peer protocols and decentralized applications where identifiers need to be communicated verbally between people.

Practical Applications of Base32 Encoding

The most widely encountered real-world application of Base32 is in TOTP authentication (RFC 6238), the technology behind "authenticator app" two-factor authentication. When you scan a QR code to add an account to Google Authenticator, Authy, or any TOTP app, the QR code encodes a URL containing a Base32-encoded secret key—for example, "JBSWY3DPEHPK3PXP" is the Base32 encoding of the byte sequence used as the HMAC key. The choice of Base32 over Base64 here is deliberate: users sometimes need to manually enter this key by typing it, and a case-insensitive alphabet with no special characters makes this much less error-prone than Base64's mixed-case alphanumeric plus +/= characters.

Another significant application is in Tor hidden service addresses. The newer v3 onion addresses (56 characters long, ending in ".onion") use RFC 4648 Base32 encoding of the service's public key hash plus version and checksum information. The case-insensitivity is important here because onion addresses are typed into browsers where capitalization might vary. Similarly, the I2P network uses Base32 for router and destination addresses.

In DNS-based systems, Base32 is preferred over Base64 for encoding binary data that must be embedded in domain names or other case-insensitive contexts. The NSEC3 resource record type in DNSSEC, for example, uses Base32 Hex encoding for hashed owner names, specifically because of its sort-order preservation property which maps cleanly to DNS's own sorting requirements. File systems like ZFS use Base32 for internal identifiers in certain contexts.

The Geohash system, used for representing geographic coordinates as short strings, uses a custom Base32 alphabet (0-9 and b-z excluding 'a', 'i', 'l', and 'o'). A geohash like "gcpvh" represents a specific region in the UK, and the sort-order-preserving property means that nearby locations share common prefixes. Web developers and data engineers use geohash extensively for location-based indexing, clustering nearby points, and building geographic search systems.

Base32 vs. Base64: Choosing the Right Encoding

The most common question when working with encoding is: should I use Base32 or Base64? The answer depends entirely on the use case. Base64 is more space-efficient—it encodes 6 bits per character versus 5 bits for Base32, so Base64 output is about 33% larger than the original data while Base32 output is 60% larger. For large binary files, email attachments, or API payloads, this efficiency difference is significant. Base64 also has native support in more programming languages, browser APIs (like the Web Crypto API and Canvas API), and data URI schemes.

However, Base32 wins in several important scenarios. When data must pass through case-insensitive channels—older email gateways, file system names, DNS records, URL paths—Base32's purely alphanumeric output (no +, /, or = that require URL-encoding) is safer and more robust. When data must be typed by humans, Base32's simpler alphabet with fewer ambiguous characters reduces transcription errors. When encoded data needs to be spoken aloud, read over the phone, or written by hand, Base32's character set is much more manageable. And when sort-order preservation matters, Base32 Hex is the only standard encoding that provides this guarantee.

Using Our Base32 Tool: Advanced Features Guide

Our free online Base32 encoder decoder goes far beyond simple text-to-Base32 conversion. The Options tab provides control over padding inclusion (RFC 4648 requires padding, but many systems accept unpadded Base32), output case (uppercase is standard but lowercase is sometimes preferred), line wrapping for fixed-width output, and multiple input encodings. The input encoding option is particularly useful for developers—you can paste hex bytes directly (e.g., "48 65 6C 6C 6F") and encode them as Base32 without needing to convert through text first. Similarly, the output encoding for decode mode lets you see decoded data as hex, binary bits, or decimal byte values.

The Crockford Checksum option appends a single checksum character to Crockford Base32 output, providing basic error detection. This is useful for generating IDs and short codes that need to be verified—the checksum catches common transcription errors like transposed digits or single character substitutions. The URL-Safe option removes padding characters, which is useful when embedding Base32 in URLs where the = character requires percent-encoding.

The File Mode tab allows encoding any file—images, documents, executables, archives—to Base32 text and decoding Base32 back to the original file. This is useful for embedding binary files in text-based configuration files, transmitting files through text-only channels, or creating text representations of binary data for storage in systems that only accept text. The file processing happens entirely in your browser using the FileReader API, so no file data ever leaves your device.

The Validation tab is invaluable when debugging Base32 issues. It performs a character-by-character analysis of any Base32 string, identifying valid characters (highlighted in green), invalid characters (highlighted in red with underline), and padding characters (highlighted in blue). The validator shows the exact character position of any errors, the number of valid versus invalid characters, padding correctness, and whether the string length is valid for the selected variant. This level of detail is essential for diagnosing why a Base32 decoder is failing on a specific input.

Common Pitfalls and Troubleshooting

The most common Base32 decoding failure is caused by padding issues. RFC 4648 Base32 strings must have a total length that is a multiple of 8 characters. If a string was produced by a system that omits padding, a strict decoder will reject it. Our tool handles this gracefully: when "Strip Whitespace from Input" is enabled and the decoder encounters an unpadded string, it can attempt to add the correct number of padding characters before decoding. The validator shows exactly how many padding characters are needed to make a string valid.

Another common issue is case sensitivity confusion. RFC 4648 Base32 is case-insensitive (JBSWY3DP and jbswy3dp are equivalent), but z-base-32 is case-sensitive. Crockford Base32 normalizes case during decoding, accepting both uppercase and lowercase. Our decoder handles case normalization automatically for the appropriate variants, ensuring that you get correct results regardless of the case of the input.

When working with binary data input using the hex input encoding option, ensure that hex values are space-separated (48 65 6C 6C 6F) or in continuous pairs (48656c6c6f). The decoder automatically handles both formats. For binary bit input, ensure 8 bits per byte with space separation or a continuous bit string that is a multiple of 8 in length.

Conclusion: The Essential Base32 Tool for Every Developer

Our Base32 encoder decoder online is the most comprehensive Base32 tool available, combining four variant support, file encoding, batch processing, real-time validation, visual encoding breakdown, and a complete reference guide—all running privately in your browser without signup or data upload. Whether you need to encode Base32 online for TOTP authentication development, decode Base32 online for analyzing Tor addresses, validate Base32 strings in Crockford format for your ID generation system, or encode binary files as Base32 text for embedding in configuration files, our tool provides the accuracy, flexibility, and insight you need. Bookmark it as your go-to free Base32 encode decode tool for all encoding tasks.

Frequently Asked Questions

Base32 is a binary-to-text encoding scheme that represents arbitrary binary data using 32 alphanumeric characters. Each character encodes exactly 5 bits of data. The encoder groups input bytes into 5-byte (40-bit) blocks, divides each block into eight 5-bit groups, and maps each group to a character in the Base32 alphabet. For inputs that aren't multiples of 5 bytes, padding characters (=) are added to complete the block. The result is a string that is about 60% larger than the original data but uses only a safe, case-insensitive character set.

Base64 uses 64 characters (A-Z, a-z, 0-9, +, /) and encodes 6 bits per character, making output about 33% larger than input. Base32 uses 32 characters and encodes 5 bits per character, making output 60% larger. Base64 is more compact and widely supported, but Base32 has key advantages: it uses only uppercase alphanumeric characters (case-insensitive), contains no special characters that need URL-encoding, and has no visually ambiguous characters (in variants like Crockford). Choose Base32 when data must be typed by humans, spoken aloud, or used in case-insensitive contexts like DNS, file systems, or authenticator apps.

TOTP (RFC 6238) uses RFC 4648 Base32 to encode the secret key shared between the server and authenticator app. The reasons are: (1) Users sometimes need to manually type the secret key when setting up 2FA, so a case-insensitive alphabet with no special characters dramatically reduces errors; (2) The 32-character alphabet avoids the confusion between 0/O and 1/I that hex would introduce; (3) Base32 is compact enough that a 20-byte secret key becomes only 32 characters, which fits in a manageable backup code. To test TOTP keys, encode your secret in Base32 and verify it matches the code your authenticator app shows.

Crockford Base32 was designed by Douglas Crockford for human-readable identifiers. It uses 0-9 and A-Z but excludes I, L, O, and U to avoid visual confusion with 1, 1, 0, and V respectively. It's case-insensitive and the decoder treats 'i' and 'l' as '1', and 'o' as '0', correcting common transcription errors. An optional checksum character provides error detection. Use Crockford when generating short codes, order IDs, ticket numbers, or any identifier that humans need to read, write, or communicate. ULID (Universally Unique Lexicographically Sortable Identifier) is a popular ID format that uses Crockford Base32.

The = signs are padding characters. Base32 encodes data in 5-byte (40-bit) blocks, producing 8 Base32 characters. When input data length is not a multiple of 5 bytes, the encoder pads the output to complete the 8-character block: 1 extra byte → 6 = signs; 2 extra bytes → 4 = signs; 3 extra bytes → 3 = signs; 4 extra bytes → 1 = sign. Padding is required by RFC 4648 for strict compliance but many systems accept unpadded Base32. Use the "URL-Safe (no padding)" option in our tool to remove padding for use in URLs where = needs to be percent-encoded.

Set the tool to Decode mode, select RFC 4648 variant, set Output Format to "Hex Bytes", then paste your TOTP secret key (e.g., JBSWY3DPEHPK3PXP). The tool will decode it to the raw bytes of the secret key in hexadecimal format. If you need the bytes as decimal values, select "Decimal Bytes" as the output format. The decoded bytes are what the HMAC-SHA1 function uses internally to generate TOTP codes. You can also set Output Format to "UTF-8 Text" to see if the secret is ASCII-representable text, though most TOTP secrets are random bytes.

Yes! Use the File Mode tab. Click the drop zone or drag any file onto it, select "Encode File → Base32", and click Process. The tool reads the file's raw bytes and encodes them as Base32 text. You can then copy the result or download it as a .b32 or .txt file. To decode back to the original file, paste the Base32 text (or use a .b32 file as input), select "Decode Base32 → File", and click Process. The download will reconstruct the original binary file. Note that Base32 is ~60% larger than the original file, so this is best for small files or specific use cases.

Base32 Hex uses the alphabet 0-9 followed by A-V (26 characters), which happens to be the first 32 characters of the ASCII printable range in numerical order. Because the alphabet values are in ascending ASCII order, lexicographic sorting of Base32 Hex strings produces the same ordering as numeric sorting of the original binary values. This property is essential for applications like NSEC3 in DNSSEC (where sorted order of hashed names matters), time-series databases (where records must be retrievable in time order), and any distributed system where encoded keys need to be range-queried efficiently.

Completely safe. This Base32 encoder/decoder runs entirely in your web browser using JavaScript. Your text, files, and TOTP secret keys are never transmitted to any server, stored in any database, or accessible by anyone else. All processing happens locally on your device. You can verify this by opening your browser's network inspector—no requests are made during encoding or decoding. This makes it safe to use even for sensitive TOTP secrets, authentication keys, or proprietary binary data.

Use the Validate tab to diagnose the issue. Paste your Base32 string there and it will identify each invalid character highlighted in red. Common causes: (1) Wrong variant — a Crockford-encoded string won't decode with RFC 4648; (2) Missing/extra padding — try enabling/disabling "Include Padding"; (3) The string was encoded with a different alphabet (like Base64) — check for characters like '+', '/', lowercase letters; (4) Embedded whitespace or newlines — enable "Strip Whitespace from Input"; (5) URL encoding artifacts — check for '%3D' instead of '='. The validator's character-by-character analysis immediately pinpoints the problematic characters.