What Is Base32 Encoding?
Base32 is a binary-to-text encoding scheme defined in RFC 4648 that represents binary data using a 32-character alphabet (A-Z and 2-7). Unlike Base64, Base32 uses only uppercase letters and digits, making it case-insensitive and suitable for systems that don't distinguish between upper and lowercase characters. Each Base32 character represents 5 bits of data, and encoding groups 5 bytes into 8 characters, with padding using the '=' symbol when input length is not a multiple of 5.
Why Use Base32 Instead of Base64?
Base32 is preferred over Base64 in several scenarios. Two-factor authentication (2FA) systems like Google Authenticator use Base32 because the encoded secrets are case-insensitive and easy to type manually. DNS TXT records benefit from Base32 because DNS is case-insensitive. File systems that don't distinguish case also favor Base32. While Base32 produces larger output than Base64 (60% larger), the case-insensitivity advantage is critical in these use cases.
Base32 in Authentication Systems
TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) protocols, defined in RFC 6238 and RFC 4226 respectively, use Base32 to encode shared secrets. When you set up 2FA with an authenticator app, the QR code contains a Base32-encoded secret key. Understanding Base32 encoding helps developers implement and debug authentication systems, and helps security professionals audit 2FA implementations.
Best Practices for Base32 Encoding
Always use standard Base32 (RFC 4648) unless your system specifically requires a variant like Base32hex. Include proper padding with '=' characters for interoperability. When handling authentication secrets, process them locally to avoid exposing sensitive data. Validate decoded output to ensure data integrity. Remember that Base32 is an encoding, not encryption — it provides no security on its own.
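The TOTP/HOTP use of Base32 and the padding and validation advice above, as an added example (not code from the original page): it decodes a secret the way a person types it, rejects malformed input, and derives the one-time code. The function names decode_secret, hotp and totp are chosen here, and treating spaces and hyphens as display grouping is an assumption.

```python
import base64
import hashlib
import hmac
import struct

B32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")  # RFC 4648 standard alphabet


def decode_secret(text: str) -> bytes:
    """Decode a Base32 secret as typed by hand; reject anything malformed."""
    # Assumption: spaces/hyphens are display grouping and '=' only appears as trailing padding.
    cleaned = text.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not cleaned or set(cleaned) - B32_ALPHABET:
        # Do not echo the input in the error: it is a shared secret.
        raise ValueError("secret is empty or contains characters outside A-Z and 2-7")
    # Whole bytes can only leave 0, 2, 4, 5 or 7 characters in the last 8-character group.
    if len(cleaned) % 8 not in (0, 2, 4, 5, 7):
        raise ValueError("secret is truncated")
    # Restore the '=' padding that manual entry usually drops.
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(decode_secret(secret_b32), unix_time // step, digits)


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 SHA-1 test key "12345678901234567890",
    # Base32-encoded and typed in lowercase with spaces.
    typed = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print(totp(typed, 59, digits=8))
```

The same decoded bytes feed both protocols, so a server-side audit can compare the output of decode_secret against the stored key before looking at clock or counter drift.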





