What is the difference between encoding and encryption?

Encoding transforms data into a different format using a publicly known scheme — anyone with the same scheme can reverse it. Base64 and URL encoding are examples. Encryption uses a secret key to scramble data so only the holder of the correct key can read it. Do not use encoding to protect sensitive data; use encryption instead.

When do I need to Base64 encode something?

Base64 is used whenever binary or text data must pass through a channel that only supports ASCII text, such as HTTP Basic Auth headers, data URIs in HTML, JSON payloads that carry binary fields, and email MIME attachments.

Why does URL encoding use % followed by two hex digits?

The percent-encoding scheme, defined in RFC 3986, represents each unsafe byte as a percent sign followed by its two-digit hexadecimal value. A space becomes %20, an ampersand becomes %26, and so on. This ensures special characters cannot be misinterpreted as URL delimiters.

Can I use these tools to verify a JWT signature?

The JWT inspector decodes and displays the header, payload, and raw signature so you can read the claims and inspect the algorithm. Verifying the signature requires the secret or public key, which this tool does not perform — use a server-side library for signature verification.

How secure is the password generator?

The password generator uses window.crypto.getRandomValues(), the same cryptographically secure random source used by password managers and browsers for TLS. The generated passwords are never sent to a server and are not stored after the page is closed.

Encoding & Security Tools | DevToolsForYou

13 free browser-based tools

Encoding transforms data into a portable representation so it can travel safely across systems that have restrictions on character sets or byte ranges. These tools cover the most common encoding schemes developers encounter daily: Base64 for binary-to-text conversion, percent-encoding for URLs, HTML entity escaping for markup, and JWT inspection for authentication tokens. The hash and password tools extend into security territory — generating cryptographic digests for data integrity checks and producing randomised credentials using the browser's Web Crypto API. All processing runs locally in your browser, so nothing you paste is ever sent to a server.

Free online encoding and security tools — Base64 encoder/decoder, URL encoder/decoder, JWT inspector, hash generator, HTML escape, password generator, and more. All tools run entirely in your browser.

Base64 Encoder and Decoder

Encode text to Base64 or decode Base64 back into readable text with Unicode-safe support.

URL Encoder and Decoder

Encode or decode URLs, query strings, and parameter values for safe transport across the web.

JWT Encoder and Decoder

Decode JWTs and generate signed or unsigned tokens in the browser.

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text input.

HTML Escape Tool

Escape and unescape HTML entities for safe display in code, templates, and content.

Binary / Hex / Octal Converter

Convert numbers between binary, octal, decimal, and hexadecimal instantly — see all four bases at once.

Password Generator

Generate secure random passwords with configurable length, character sets, and a built-in strength indicator.

Password Strength Checker

Check password strength with entropy calculation, character composition analysis, and estimated crack times at different attack speeds.

HTTP Request Builder

Build, send, and inspect HTTP requests with custom headers, query params, and body — all in your browser.

HTTP Request Replay

Paste a curl command or raw HTTP request, edit any field, and replay it instantly. Supports all common curl flags, multi-line commands, and raw HTTP request format.

cURL to Code Converter

Convert any curl command into runnable code in JavaScript, Python, PHP, Go, Ruby, or Java — no signup required, all processing in the browser.

Base64 File Encoder / Decoder

Encode any file or text to Base64, or decode Base64 back to its original form. Supports images, PDFs, certificates, and any binary file — fully in-browser.

JWT Expiry Visual Timeline

Paste a JWT and see its lifecycle on a visual timeline — issued, not-before, expiry, and current time. All claims decoded inline, status shown at a glance.

Frequently asked questions

What is the difference between encoding and encryption?: Encoding transforms data into a different format using a publicly known scheme — anyone with the same scheme can reverse it. Base64 and URL encoding are examples. Encryption uses a secret key to scramble data so only the holder of the correct key can read it. Do not use encoding to protect sensitive data; use encryption instead.
When do I need to Base64 encode something?: Base64 is used whenever binary or text data must pass through a channel that only supports ASCII text, such as HTTP Basic Auth headers, data URIs in HTML, JSON payloads that carry binary fields, and email MIME attachments.
Why does URL encoding use % followed by two hex digits?: The percent-encoding scheme, defined in RFC 3986, represents each unsafe byte as a percent sign followed by its two-digit hexadecimal value. A space becomes %20, an ampersand becomes %26, and so on. This ensures special characters cannot be misinterpreted as URL delimiters.
Can I use these tools to verify a JWT signature?: The JWT inspector decodes and displays the header, payload, and raw signature so you can read the claims and inspect the algorithm. Verifying the signature requires the secret or public key, which this tool does not perform — use a server-side library for signature verification.
How secure is the password generator?: The password generator uses window.crypto.getRandomValues(), the same cryptographically secure random source used by password managers and browsers for TLS. The generated passwords are never sent to a server and are not stored after the page is closed.