How to use the Base32 Decoder
Decode a Base32 string in three steps:
1
Paste the Base32 string
Paste any Base32 string — padded or unpadded, uppercase or lowercase. Spaces and dashes used for readability grouping are stripped automatically.
2
Decode instantly
The decoded plain text appears immediately. An error is shown if the input contains characters not in the Base32 alphabet (A–Z, 2–7).
3
Copy the decoded output
Copy the recovered text or download it. The footer shows input length and decoded byte count.
When to use this tool
Use Base32 decoding to recover original data from Base32-encoded strings:
- →Decoding TOTP secret keys distributed as Base32 strings to inspect the raw secret bytes for debugging authenticator apps
- →Recovering the original data from a Base32-encoded identifier in a DNS record, file name, or system label
- →Inspecting Base32-encoded values in configuration files or environment variables to verify their content
- →Decoding Base32 strings received from an API or external system that uses Base32 for binary data transport
- →Verifying that a Base32 encoding round-trip (encode then decode) produces the original input correctly
- →Debugging Base32-encoded data in DNSSEC NSEC records or other protocol fields that use Base32 encoding
Frequently asked questions
Q:Why does my Base32 string fail to decode?
Base32 decode failures are typically caused by: (1) the string contains characters outside the Base32 alphabet (A–Z, 2–7) — the digits 0, 1, and 8–9 are not valid; (2) the string length is not a multiple of 8 and is missing padding; (3) the string uses a different Base32 variant such as Base32Hex (0–9, A–V). The tool accepts both padded and unpadded input and normalises case, which resolves most failures.
Q:Does the decoder accept lowercase Base32?
Yes — Base32 is case-insensitive. The decoder normalises all input to uppercase before decoding, so 'jbswy3dp' decodes identically to 'JBSWY3DP'. This is intentional — RFC 4648 defines Base32 as case-insensitive, and TOTP secrets are sometimes displayed in lowercase or mixed case.
Q:What are the spaces and dashes in some Base32 strings?
Some applications display Base32 strings with spaces or dashes inserted for readability — for example 'JBSW Y3DP' or 'JBSW-Y3DP'. These formatting characters are not part of the Base32 alphabet and must be removed before decoding. The tool strips spaces, dashes, and other non-Base32 characters automatically before attempting to decode.
Q:How do I decode a TOTP secret key?
TOTP secret keys are typically 16 or 32 Base32 characters long (representing 10 or 20 bytes). Paste the key directly into the decoder. The decoded output will be raw bytes — likely non-printable binary data rather than readable text, because TOTP secrets are randomly generated byte strings. The Base32 form is the shareable representation; the decoded bytes are used internally by authenticator algorithms.
Q:Is there a padding requirement?
RFC 4648 Base32 requires = padding to make the encoded length a multiple of 8. However, many real-world implementations omit padding (especially TOTP secrets). The decoder handles both: if padding is missing, it is inferred from the string length. The tool also silently strips any = characters before decoding, so over-padded input is also handled gracefully.
Q:What is the decoded size compared to the encoded string?
Base32 encodes 5 bytes as 8 characters, so decoding takes 8 Base32 characters and produces 5 bytes of output. A 32-character Base32 string decodes to 20 bytes. A 16-character string decodes to 10 bytes. The decoded byte count is shown in the output footer. If the output is a text string, its character count will equal the byte count only for ASCII; Unicode characters may use more bytes than characters.