Openssl RSA Private Key Encrypt

Encrypt RSA Private Key

openssl rsa -aes256 -in your.key -out your.encrypted.key

The -aes256 tells openssl to encrypt the key with AES256-CBC.

to decrypt a rsa encrypted key, drop the -aes256 flag:

openssl rsa -in your.encrupted.key -out your.decrypted.key

Encrypt RSA Private Key with PKCS8

openssl pkcs8 - it uses a key derivation function and supports RSA, ECC and Edwards keys:

openssl pkcs8 -topk8 -in your.key -out your.encrypted.key

For even better security use the scrypt KDF:

openssl pkcs8 -topk8 -scrypt -in your.key -out your.encrypted.key

to decrypt a pkcs8 encrypted key, drop the -topk8 flag:

openssl pkcs8 -in your.encrypted.key -out your.decrypted.key