The result type depends on the selected encoding format, when PEM the result is a string, when DER it will be a buffer containing the data encoded as DER, when JWK it will be an object. Raw formats return a Buffer containing the raw key material.
Private keys can be encrypted by specifying a cipher and passphrase. The PKCS#8 type supports encryption with both PEM and DER format for any key algorithm. PKCS#1 and SEC1 can only be encrypted when the PEM format is used. For maximum compatibility, use PKCS#8 for encrypted private keys. Since PKCS#8 defines its own encryption mechanism, PEM-level encryption is not supported when encrypting a PKCS#8 key. See RFC 5208 for PKCS#8 encryption and RFC 1421 for PKCS#1 and SEC1 encryption.