🔐 URL Safe Base32 Encoder – Encode & Decode Online
Base32 encoding converts arbitrary binary data or plain text into a string using only 32 printable characters — making the output safe for URLs, file names, DNS labels, and case-insensitive environments without any percent-encoding. This tool supports real-time encoding and decoding across four popular Base32 alphabet variants, with full control over padding, line wrapping, and chunk formatting for token-style output.
🔤 Why Base32 Instead of Base64?
Base64 is the most compact text encoding (~33% overhead), but its alphabet includes +, /, and = — characters that have special meaning in URLs and shell environments. Base32 avoids all special characters and is fully case-insensitive, making it ideal for:
- TOTP / 2FA secret keys — RFC 4648 Base32 is the standard encoding for Google Authenticator, Authy, and other TOTP implementations.
- URL tokens & path segments — No reserved characters means no percent-encoding is ever needed.
- DNS labels & subdomains — DNS is case-insensitive and restricted to alphanumeric characters, making Base32 a natural fit.
- QR code payloads — Base32 takes advantage of QR code's alphanumeric mode (more compact than byte mode for uppercase-only data).
- Human-readable tokens — Crockford Base32 strips confusing characters (I, L, O, U) to reduce transcription errors.
📐 Supported Alphabet Variants
| Variant | Alphabet (32 chars) | Best For |
|---|---|---|
| RFC 4648 | A–Z, 2–7 | TOTP secrets, general purpose (the default) |
| Base32hex | 0–9, A–V | Lexicographic sort order preserved (DNS, databases) |
| Crockford | 0–9, A–Z (excl. I, L, O, U) | Human-readable IDs, serial numbers, voucher codes |
| z-base-32 | Lowercase, human-optimised | Fingerprints, hashes typed by hand |
⚙️ How Base32 Encoding Works
Base32 operates on 5-byte (40-bit) blocks:
- Convert input text to a
Uint8Arrayof UTF-8 bytes. - Group bytes in blocks of 5 (40 bits total per block).
- Split each 40-bit block into eight 5-bit values (0–31).
- Map each 5-bit value to the corresponding character in the selected alphabet.
- Append
=padding characters to make the output length a multiple of 8 (RFC 4648 and Base32hex only).
Input: "Hello" → 72 65 6C 6C 6F (hex bytes)
Binary: 01110010 01100101 01101100 01101100 01101111
5-bit: 01110 01001 10010 10110 11000 11011 00011 01111
Index: 14 9 18 22 24 27 3 15
RFC4648: O J S W Y 3 D P
Output: JBSWY3DP (no padding needed for 5-byte input)📊 Encoding Size Overhead
Base32 expands data by approximately 60% (8 Base32 chars per 5 input bytes = 1.6× expansion). With = padding, the output is always a multiple of 8 characters.
5 bytes
→ 8 Base32 chars
~1.6×
size expansion
5 bits
per character
🔑 TOTP Secret Keys & Chunk Formatting
TOTP (Time-based One-Time Passwords, RFC 6238) uses RFC 4648 Base32 to encode secret keys. Authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator expect keys in this format. For human-friendly display (e.g., in setup wizards), the key is often chunked into 4- or 8-character groups separated by hyphens: JBSWY3DP-FQQFO33S-NRSCC===.
Use the Chunk Size option in this tool to automatically format encoded output into TOTP-style tokens. Padding is typically stripped from TOTP keys since authenticator apps don't require it.
🔄 Decoding Base32
The decoder accepts Base32 strings in any supported alphabet and recovers the original UTF-8 text. The decoder automatically strips whitespace, hyphens, underscores, and = padding before processing. Invalid characters for the selected alphabet are flagged with a helpful error message identifying the exact character.