diff --git a/README.md b/README.md
index da532c6..8fcf654 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,10 @@ Named elliptic curve to use to generate a key. Valid values are P256, P384, P521
 
 Number of bits to use when generating RSA or octet keys
 
+**--rsa-format="PKCS8"**
+
+RSA private key format. Valid values are PKCS1 (PKCS #1) or PKCS8 (PKCS #8)
+
 **--pem**
 
 Output only PEM format (useful for pipelining results and shell scripting)
diff --git a/jwkgen.go b/jwkgen.go
index 049ef0d..8d98bfb 100644
--- a/jwkgen.go
+++ b/jwkgen.go
@@ -22,6 +22,9 @@ var (
 bits = kingpin.
 Flag("bits", "Number of bits to use for RSA or octet keys").
 Short('b').Default("2048").Int()
+ rsaKeyFormat = kingpin.
+ Flag("rsa-format", "RSA private key format. Valid values are PKCS1 (PKCS #1) or PKCS8 (PKCS #8)").
+ Default("PKCS8").String()
 onlyPEM = kingpin.Flag("pem", "Print only PEM format").Bool()
 onlyJWK = kingpin.Flag("jwk", "Print only JWK format").Bool()
 keyType = kingpin.Arg("key type", "Key type: oct, rsa, ec").Default("ec").Enum("oct", "rsa", "ec")
diff --git a/pem_writer.go b/pem_writer.go
index 7faaddb..02dc2ac 100644
--- a/pem_writer.go
+++ b/pem_writer.go
@@ -17,7 +17,18 @@ func pemBlockFor(obj interface{}) (*pem.Block, error) {
 var der []byte
 switch o := obj.(type) {
 case *rsa.PrivateKey:
- return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(o)}, nil
+ switch *rsaKeyFormat {
+ case "PKCS1":
+ return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(o)}, nil
+ case "PKCS8":
+ der, err := x509.MarshalPKCS8PrivateKey(o)
+ if err != nil {
+ return nil, errors.Wrap(err, "Unable to marshal RSA private key")
+ }
+ return &pem.Block{Type: "PRIVATE KEY", Bytes: der}, nil
+ default:
+ return nil, errors.Errorf("Unknown key format: %v", reflect.TypeOf(obj))
+ }
 case *ecdsa.PrivateKey:
 der, err = x509.MarshalECPrivateKey(o)
 if err != nil {
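Review bot: In the jwkgen.go hunk the new `rsa-format` flag ends in `.String()`, so any value passes flag parsing and an unsupported one is only rejected later, inside pemBlockFor. `keyType` three lines below already validates with `.Enum(...)`; the same here, `Default("PKCS8").Enum("PKCS1", "PKCS8")`, would reject a bad value at parse time with the usual usage error. The PKCS8 default also changes the PEM header that existing RSA users get from `RSA PRIVATE KEY` to `PRIVATE KEY`, so consumers that only read PKCS #1 would need `--rsa-format=PKCS1`; the README entry should say this. The `var (` block starts and ends outside the hunk.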
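Review bot: In the pem_writer.go hunk the `default:` branch of the new inner switch formats `reflect.TypeOf(obj)`, which in this case is always `*rsa.PrivateKey`, so the error never shows the format value that was rejected. It should report the flag instead: `return nil, errors.Errorf("Unknown RSA key format: %q", *rsaKeyFormat)`. In the `"PKCS8"` case, `der, err := x509.MarshalPKCS8PrivateKey(o)` shadows the `der` declared at the top of the function, and presumably `err` too, since the ECDSA case assigns with `=`. Using `=` there would match the neighbouring case. pemBlockFor begins and ends outside the hunk.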