Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How to convert a java private key from PKCS#1 encoding to PKCS#8

I had some historical key material data in pkcs#1 format that needed to be in pkcs#8 for input into another system. Here's how to do it, using BouncyCastle:

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

    public static byte[] toPkcs8(PrivateKey k) throws IOException {
        final String keyFormat = k.getFormat();

        if (keyFormat.equals("PKCS#8")) {
            return k.getEncoded();

        else if (keyFormat.equals("PKCS#1")) {
            try (ASN1InputStream asn1InputStream = new ASN1InputStream(k.getEncoded())) {
                DERObject rsaPrivateKey = asn1InputStream.readObject();
                return new PrivateKeyInfo(
                        new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption), rsaPrivateKey)

        throw new IOException("Unexpected key format" + keyFormat);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment