June 20, 2026 · 5 min read

RSA key formats: PKCS#1 vs PKCS#8 vs SPKI

An RSA key is just a set of numbers, but those numbers get wrapped in several different encodings, and software is picky about which one it accepts. The good news is you can tell them apart at a glance from the PEM header line.

Reading the header

  • -----BEGIN RSA PRIVATE KEY----- is PKCS#1: the original RSA-specific private key format.
  • -----BEGIN PRIVATE KEY----- is PKCS#8: a newer, algorithm-agnostic wrapper that can hold RSA, EC, or other key types. It is the modern default.
  • -----BEGIN PUBLIC KEY----- is SPKI (SubjectPublicKeyInfo): the standard public key format, again algorithm-agnostic.
  • -----BEGIN RSA PUBLIC KEY----- is the older PKCS#1 public key form.

The header is not decoration; it tells the parser how to read the bytes inside. A library expecting PKCS#8 will reject a PKCS#1 body even though the underlying key is identical.

Why you end up converting

Different ecosystems standardized on different formats. OpenSSL historically emitted PKCS#1; most modern languages and libraries (Java, Node's WebCrypto, Go) expect PKCS#8 private keys and SPKI public keys. So a key that works perfectly in one tool throws a parse error in another, purely because of the wrapper.

The conversion is lossless and reversible: the same key numbers are simply re-wrapped. Converting PKCS#1 to PKCS#8 does not weaken or change the key; it just relabels how it is stored.
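
The re-wrapping can be seen byte for byte in the added example below, which is not part of the original post and is not the code of any tool mentioned here. It assumes unencrypted PEM input; the function names and the toy key are constructed for illustration.

```python
import base64, textwrap
# DER of AlgorithmIdentifier { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag, body):
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, pos, want):
    """Decode the DER TLV at pos, enforcing its tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag 0x{want:02x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + n], pos + n

def pem_decode(pem, want):
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != f"-----BEGIN {want}-----" or lines[-1] != f"-----END {want}-----":
        raise ValueError(f"expected a '{want}' PEM block, got: {lines[:1]}")
    return base64.b64decode("".join(lines[1:-1]))

def pem_encode(label, der):
    body = textwrap.fill(base64.b64encode(der).decode(), 64)
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pkcs1_to_pkcs8(pem):
    der = pem_decode(pem, "RSA PRIVATE KEY")
    read_tlv(der, 0, 0x30)  # body must at least be a DER SEQUENCE
    # PrivateKeyInfo ::= SEQUENCE { INTEGER 0, AlgorithmIdentifier, OCTET STRING }
    return pem_encode("PRIVATE KEY", tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG_ID + tlv(0x04, der)))

def pkcs8_to_pkcs1(pem):
    seq, _ = read_tlv(pem_decode(pem, "PRIVATE KEY"), 0, 0x30)
    _, pos = read_tlv(seq, 0, 0x02)      # version
    alg, pos = read_tlv(seq, pos, 0x30)  # AlgorithmIdentifier
    if tlv(0x30, alg) != RSA_ALG_ID:
        raise ValueError("PKCS#8 key is not rsaEncryption")
    return pem_encode("RSA PRIVATE KEY", read_tlv(seq, pos, 0x04)[0])

# Constructed toy key (n = 61 * 53): structurally valid, useless for real crypto.
TOY_INTS = (0, 3233, 17, 2753, 61, 53, 53, 49, 38)  # version, n, e, d, p, q, dP, dQ, qInv
TOY_PKCS1 = pem_encode("RSA PRIVATE KEY", tlv(0x30, b"".join(
    tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in TOY_INTS)))
```

The PKCS#8 output is the untouched PKCS#1 body inside an OCTET STRING, preceded by a version and the rsaEncryption identifier, which is why converting back returns the identical PEM.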

Doing it without leaking the key

A private key should never be pasted into a server you do not control. The RSA Key Converter re-encodes between PKCS#1, PKCS#8, and SPKI entirely in your browser, so the key never leaves your machine. If you are converting full certificate bundles rather than bare keys, see convert SSL certificate formats.