There is no perfectly secure way to generate private keys for distribution; the most secure way is to have each client generate its keypairs and only transmit the public key.

However, if you’re in a situation where that simply won’t work, and you’re committed to generating keypairs centrally, you do have a few options.

There are Hardware Security Modules (HSMs) that do this for you. If you can afford it, this is the best way to go.

Failing that:

1. Ensure your web-app or the key-generator wrapper runs under its own user (I’ll call this user ‘kguser’ for the rest of this answer).
2. Make a non-web-accessible directory owned by kguser, with permissions 0700 (set with chmod)
3. Make sure your key-generator wrapper sets ‘umask 0177’; that should ensure that any files it creates are 0600 (only kguser will be able to read and write)
4. generate your keys specifying hard-to-guess (e.g. Random UUID) file names
5. chmod 0600 the key files as soon as you generate them, just in case your umask setting doesn’t hold or gets changed
6. transmit the private key via an SSL/TLS connection
7. securely erase the private key file (e.g. ‘shred’ on Linux)
8. use a cron job to regularly find and securely erase any private key files older than a few minutes (to clean up any files that are left due to an application error, crash, etc.)

If you’re really paranoid, you can also ensure that the keys are encrypted while on disk by having your web application use its own symmetric key to encrypt on writing and decrypt when sending to the user. However, that opens up more key-management to screw up, so I don’t recommend it.

Setting a passphrase on the key will help a lot as well, if you never store that passphrase to disk. If someone does manage to recover a passphrase-protected key, they still have to guess the passphrase for the key to be useful. However, this also means your users will have to provide a passphrase when they use the key — this may or may not be acceptable.