If you'd prefer to protect your private keys with AES-256 instead of one of the old DES variants supported by PKCS8, this will work:

public String toPem(String password) throws IOException {

  StringWriter sw = new StringWriter();

  try (JcaPEMWriter pemWriter = new JcaPEMWriter(sw)) {

    PEMEncryptor encryptor =
        new JcePEMEncryptorBuilder("AES-256-CBC").build(password);

    // privateKey is a java.security.PrivateKey
    JcaMiscPEMGenerator gen = new JcaMiscPEMGenerator(privateKey, encryptor);
    pemWriter.writeObject(gen);
  }

  return sw.toString();
}

You can verify the output with openssl. In my case the key is EC so this command is used:

$ openssl ec -in key.txt -passin pass:password -text

Adapt as required for RSA keys.

If you just want to output your private key to a passphrase "12345" protected PEM formatted and file "privatekey.pem" you can use this BC code:

    JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
    encryptorBuilder.setRandom(EntropySource.getSecureRandom());
    encryptorBuilder.setPasssword("12345".toCharArray());
    OutputEncryptor oe = encryptorBuilder.build();
    JcaPKCS8Generator gen = new JcaPKCS8Generator(privKey,oe);
    PemObject obj = gen.generate();

    PEMWriter pemWrt = new PEMWriter( new FileWriter("privatekey.pem"));
    pemWrt.writeObject(obj);
    pemWrt.close();

then afterwards you can get at the private key with openssl with

$ openssl rsa -in privatekey.pem -check
Enter pass phrase for privatekey.pem:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
.....
-----END RSA PRIVATE KEY-----

The "standard" use of PEMWriter will not passphrase protect your private key:(