Can you generate bitcoin addresses without storing a private key?

Suppose you have a possibly compromised system, which you do not trust enough to stores your private keys on.

Is there some process where you can generate unique bitcoin addresses within the system, that does not contain a private key?

To clarify:

You have a web server that clients use to make orders. You want to create a unique bitcoin address per purchase. In addition, you don’t want the server to contain your bitcoin private keys – an attacker gaining access to the server shouldn’t be able to touch your bitcoins.

How do I get the public bitcoin address from a given private key in wallet import format offline?

I have made paper wallets. And I continually send what bitcoins I get to them. I’m paranoid that I’ve been sending bitcoins to the paper bitcoin addresses where somehow at sometime my saved private keys got corrupted. So from time to time I want to run a script, python or whatever, to check if my private keys do correspond to the public address that I’ve been sending bitcoins to. I want an offline solution so things like the satoshi client would not do. Is there a small script written by someone that can solve this?