Generate a new private key, -des3 encrypts it:
$ openssl genrsa -des3 -out private.pem 1024
Generate a public key from a private key:
$ openssl rsa -in private.pem -pubout -out public.pem
Extract an unencrypted private key from a possibly encrypted private key:
$ openssl rsa -in private2.pem
And Bob's your Uncle.
