Base32 Encoder / Decoder Online | OTP Key Converter

Free online Base32 encoding and decoding, supporting Google Authenticator key format, processed locally for enhanced security

🛡️ Base32 (OTP) Converter

Powered by hi-base32

Utilizes a 32-character set (A-Z, 2-7), case-insensitive, widely used for Google Authenticator secrets and binary data transmission.

Usage Tips

  • Encode: Convert plain text (e.g., "Hello") into a Base32 string (e.g., "JBSWY3DP"), commonly used for key generation.
  • Decode: Restore Base32 encoded text back to its original form, automatically cleaning spaces and line breaks.
  • Supports the standard Base32 format with padding characters "=", as well as compact formats without padding.
  • All conversions are performed locally; data never leaves your device, ensuring privacy and security.
  • Base32 output contains only uppercase letters A-Z and digits 2-7, potentially ending with "=" padding.

About the Base32 Encoder and OTP Key Generator

What is Base32 Encoding?

Base32 is a binary-to-text encoding scheme that represents binary data using a set of 32 distinct printable characters. The standard alphabet consists exclusively of uppercase letters A through Z and the digits 2 through 7, intentionally excluding easily confused characters like 0, 1, 8, and 9. This thoughtful design makes Base32 an excellent choice for scenarios requiring manual transcription, as it is entirely case-insensitive and highly resistant to human error. Unlike Base64, which incorporates symbols and mixed case, Base32 prioritizes clarity and reliability over maximum density. The encoding process takes arbitrary binary input, groups it into 5-bit segments, and maps each segment to its corresponding character in the alphabet, appending padding characters if the final group is incomplete. This tool leverages the efficient hi-base32 library to provide precise, standards-compliant encoding and decoding capabilities, specifically optimized for handling cryptographic keys used in modern two-factor authentication systems.

How Base32 Powers Two-Factor Authentication

In widely adopted authenticator applications such as Google Authenticator and Microsoft Authenticator, the shared secret seed for generating time-based one-time passwords is typically stored and transmitted in Base32 format. A familiar example is a key like "JBSWY3DPEBLW64TMMQ", which is a Base32 representation of a binary secret. When you set up an account with 2FA, this string is either typed manually or embedded within a QR code URI, allowing the authenticator app to import the secret securely. The app then uses this Base32-decoded binary secret as input to the TOTP algorithm, producing a new 6-digit passcode every 30 seconds. Understanding Base32 is therefore essential for auditing, debugging, or manually generating these secrets. This tool allows you to directly decode these keys to inspect their raw underlying bytes, or to encode arbitrary text strings into Base32-compatible keys, giving you full control over the provisioning process.

How to Use the Base32 Online Converter

Using the Base32 converter is straightforward and does not require any technical expertise in cryptography. To encode text into a Base32 string, simply paste or type your input into the text area and click the "Encode" button. The resulting Base32 string will appear in the result box, ready to be copied as a secret key or shared configuration parameter. To decode an existing Base32 string back to readable text, paste the encoded sequence into the same input area and click "Decode". The tool automatically sanitizes the input by removing spaces and line breaks, and handles both padded and unpadded Base32 variants gracefully. All processing occurs locally within your browser using JavaScript, meaning no sensitive key material is ever transmitted to a remote server, eliminating the risk of interception or logging by third parties.

Relevant Standards and Concepts

RFC 4648

This specification defines the canonical Base32 standard, including the exact alphabet "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" and the optional padding character "=". This tool adheres strictly to the RFC 4648 encoding rules.

OTP (One-Time Password)

Algorithm-based passwords that are valid for only a single login session or transaction. TOTP and HOTP standards use a shared Base32 secret to generate dynamic codes synchronized by time or counter events.

Base32 vs Base64

Base32 expands data by roughly 20% more than Base64, but trades density for a friendlier character set with no symbols, making it ideal for environments requiring human input or dictation without ambiguity.

Frequently Asked Questions

Q: Why does the decoded text appear as garbled characters?

A: Base32 encodes arbitrary binary data, not exclusively UTF-8 text. If the original binary input was not UTF-8 encoded, decoding it directly as a string may produce unreadable output. For most common use cases involving text-based keys and identifiers, the tool processes input correctly using UTF-8 encoding.

Q: Is the padding character "=" strictly necessary in a Base32 string?

A: According to the formal standard, Base32 output length must be a multiple of 8, and padding with "=" is required when the final block is incomplete. However, many real-world implementations, particularly Google Authenticator, accept keys without trailing padding for brevity. This tool automatically appends padding during encoding but handles unpadded input during decoding without errors.

Q: Can I use this tool to generate a secret for Google Authenticator?

A: Yes, you can use the encode function to convert any memorable phrase or string into a Base32-encoded secret. This secret can then be manually entered into your authenticator app. Ensure your encoded string meets the app's minimum length requirements, typically at least 16 characters after encoding, for adequate cryptographic strength.

Q: Is it safe to convert sensitive keys using an online Base32 converter?

A: This tool is designed with a privacy-first architecture. All encoding and decoding operations execute entirely within your browser's JavaScript engine. No input data, keys, or conversion results are ever sent over the network to a server, logged, or stored. The page can even be saved and used offline after the initial load, making it suitable for handling proprietary authentication secrets.

Q: What is the difference between Base32 and other encoding schemes like hexadecimal?

A: Hexadecimal (Base16) represents each 4 bits of data as one character from 0-9 and A-F, doubling the original data size. Base32 packs 5 bits per character, increasing data size by approximately 60%, which is more efficient than hex but less dense than Base64. The human-friendly alphabet of Base32, avoiding look-alike digits, makes it the preferred choice for security-critical contexts where manual keying is expected.

Q: Does the tool support the extended hex or z-base-32 variants?

A: The current implementation follows the classic RFC 4648 standard alphabet. Extended Hex Base32 uses a different character set starting with digits, and z-base-32 is optimized for human speech. While these variants are not directly selectable, the core binary encoding logic is identical; only the symbol mapping differs. For most TOTP and standard cryptographic applications, the classic alphabet is the required format.

Related Tools

Base64 Converter

Supports Standard, URL Safe, and other modes, covering text & image (DataURL) conversion

Base58 (BTC)

Common encoding in Bitcoin, removing confusing characters like 0, O, I, l for better readability

Base16 (Hex)

Hexadecimal encoding using 0-9 and A-F, commonly used for viewing raw binary data, hash values, and color codes

Base62 (ShortURL)

Composed of 0-9, a-z, A-Z with no special symbols, the preferred scheme for short URL generation and database ID compression

Base85 (Ascii85)

High-efficiency encoding scheme, more space-efficient than Base64, mainly used in PDF file storage and Git binary patches

Hex / Hexadecimal

Bidirectional conversion between raw binary streams and hex strings, supporting various delimiter formats

Unicode / UTF-16

Handles precise mapping conversion between UTF-8, UTF-16LE/BE, and Latin1 encodings

Punycode Domain

Converts non-ASCII domain names (e.g., Chinese) into browser-recognizable xn-- encoding

Quoted-printable

Common encoding for email transmission, converting non-ASCII characters into printable =XX format

HTML Entity Converter

Escapes special symbols (e.g., <) to prevent XSS attacks or display errors

Random Password Generator

Generate strong passwords with customizable length and character sets (digits, uppercase/lowercase letters, symbols), supports batch generation

Password Strength Checker

Multi-dimensional analysis of password complexity and entropy, with estimated crack time and improvement suggestions

Breach Database Check

Check online whether a password appears in known public credential stuffing databases (privacy-protected via k-Anonymity)

MD5 Hash

Generate a 128-bit hash value, commonly used for file integrity verification or quick fingerprinting

SHA-256/224 Hash

A highly secure 256-bit digest, a core algorithm for digital signatures and blockchain

SM3 National Cipher Digest

Standard of China's State Cryptography Administration, suitable for domestic security and government application scenarios

HMAC Authentication

Keyed-hash authentication based on MD5/SHA, used to verify message integrity and sender identity signature

AES Encryption/Decryption

Industry-grade Advanced Encryption Standard, supporting CBC, CFB, CTR, OFB, and ECB modes

DES Encryption

Traditional symmetric encryption standard, using single-length key mode, mostly for compatibility with legacy systems like power grids

TripleDES Encryption

Triple Data Encryption with three-key mode, more secure than DES, commonly used in financial systems