DevBolt
Processed in your browser. Your data never leaves your device.

How do I encode or decode text in multiple formats online?

Paste text and instantly encode or decode it in Base64, Base32, Hex, Binary, URL encoding, and HTML entities — all from a single interface. Switch between formats with one click. The tool handles full Unicode. Everything runs in your browser — your data never leaves your device.

Hex encode text
Input
Hello, World!
Output
48656c6c6f2c20576f726c6421
← Back to tools

Encode / Decode Multi-Tool

Encode and decode text using Base64, Base32, Hex, Binary, URL encoding, or HTML entities — all in one place.

RFC 4648 standard encoding

About Encoding Formats

  • Base64 — encodes binary data as ASCII text using A-Z, a-z, 0-9, +, /. Common in data URIs, email attachments, and API payloads.
  • Base32 — uses A-Z and 2-7 (case-insensitive). Used in TOTP secrets, Tor addresses, and file systems that are case-insensitive.
  • Hex — each byte as two hex digits. Used in checksums, color codes, and low-level debugging.
  • Binary — each byte as 8 bits. Useful for understanding bit-level data representation.
  • URL — percent-encodes special characters for safe use in URLs and query strings (RFC 3986).
  • HTML — encodes special characters as HTML entities to prevent XSS and display issues in web pages.
  • Everything runs in your browser — no data is sent over the network.

Tips & Best Practices

Pro Tip

Know when to use URL encoding vs Base64 vs Hex

URL encoding (%20) for query parameters and form data. Base64 for embedding binary in text (emails, data URIs). Hex for debugging byte-level data and hash values. Each encoding serves a different purpose — using the wrong one creates bugs.

Common Pitfall

Double-encoding is the most common encoding bug

Encoding an already-encoded string turns %20 into %2520 (encoding the % sign). This happens when multiple layers (framework, middleware, manual code) each apply encoding. Decode first, then encode once at the boundary.

Real-World Example

Base32 is used in TOTP/2FA secret keys

Google Authenticator and similar 2FA apps use Base32-encoded secrets because Base32 uses only uppercase letters and digits 2-7, making it easy to type manually and resistant to confusion between similar characters (0/O, 1/I/l).

Security Note

Encoding is not encryption — it provides zero confidentiality

Base64, hex, URL encoding, and HTML entities are all trivially reversible. Never use encoding to 'hide' sensitive data. If you need confidentiality, use actual encryption (AES-256-GCM, ChaCha20-Poly1305). Encoding is for format compatibility, not security.

Frequently Asked Questions

What is the difference between Base64, Base32, and Hex encoding?
Base64, Base32, and Hex are binary-to-text encoding schemes with different character sets and size overhead. Base64 uses 64 characters encoding 6 bits per character, producing output about 33% larger. Base32 uses 32 characters encoding 5 bits per character, about 60% larger. Hex uses 16 characters encoding 4 bits per character, doubling the size. Base64 is most compact and used for email, data URIs, and API payloads. Base32 is case-insensitive and used for TOTP secrets. Hex is used for hash outputs and color codes. DevBolt supports all formats plus URL and HTML encoding.
When should I use URL encoding vs Base64 encoding?
URL encoding makes strings safe within URL components by replacing special characters with %XX hex sequences. Use it for query parameter values, path segments, and form data. Base64 converts arbitrary binary data into an ASCII string for embedding in text-based formats like JSON, XML, or email bodies. Use it when transmitting binary content through text-only channels. They are sometimes combined: Base64url encoding (used in JWTs) replaces + with - and / with _ to make Base64 output URL-safe without additional percent encoding.
How do I decode text that has been encoded multiple times?
Double encoding happens when encoding functions are applied repeatedly by mistake. A space becomes %20 with one URL encoding pass, then %2520 with a second pass. To decode, apply the decoding function the same number of times. DevBolt's Multi-Tool lets you chain decoding operations: decode from one format, inspect the result, then decode again if needed. Common signs of double encoding include %25 sequences in URLs and Base64 output that decodes to another Base64 string. Fix the root cause by ensuring encoding is applied exactly once at the boundary where data transitions between contexts.

Related Convert Tools

TS

TypeScript to JavaScript

Convert TypeScript to JavaScript — strip types, interfaces, enums, generics, and access modifiers to get clean JS output

SQL

JSON to SQL Converter

Convert JSON arrays to SQL CREATE TABLE and INSERT statements for PostgreSQL, MySQL, and SQLite with automatic type inference

SQL

SQL to TypeScript/Prisma/Drizzle

Convert SQL CREATE TABLE statements to TypeScript interfaces, Prisma schema, and Drizzle ORM definitions for PostgreSQL, MySQL, and SQLite

BIO

ESLint to Biome Converter

Convert your ESLint config to Biome — maps 100+ rules from core, TypeScript, React, JSX-A11y, and import plugins to biome.json