diff --git a/src/keys/rsa-class.js b/src/keys/rsa-class.js
index c08665a..6291c0a 100644
--- a/src/keys/rsa-class.js
+++ b/src/keys/rsa-class.js
@@ -103,16 +103,11 @@ class RsaPrivateKey {
   /**
    * Exports the key into a password protected PEM format
    *
-   * @param {string} [format] - Defaults to 'pkcs-8'.
    * @param {string} password - The password to read the encrypted PEM
+   * @param {string} [format] - Defaults to 'pkcs-8'.
    * @returns {KeyInfo}
    */
-  async export (format, password) { // eslint-disable-line require-await
-    if (password == null) {
-      password = format
-      format = 'pkcs-8'
-    }
-
+  async export (password, format = 'pkcs-8') { // eslint-disable-line require-await
     let pem = null
 
     const buffer = new forge.util.ByteBuffer(this.marshal())
diff --git a/test/keys/rsa.spec.js b/test/keys/rsa.spec.js
index 4c19fdc..77a9cae 100644
--- a/test/keys/rsa.spec.js
+++ b/test/keys/rsa.spec.js
@@ -88,7 +88,7 @@ describe('RSA', function () {
 
   describe('export and import', () => {
     it('password protected PKCS #8', async () => {
-      const pem = await key.export('pkcs-8', 'my secret')
+      const pem = await key.export('my secret', 'pkcs-8')
       expect(pem).to.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----')
       const clone = await crypto.keys.import(pem, 'my secret')
       expect(clone).to.exist()