Encrypting archives is particularly useful when backing up large amounts of data or sending sensitive files. There are a variety of ways to encrypt archives.

Quick and Easy: gpg

To archive and encrypt a directory using gpg, run this command:

tar -cz your_dir | gpg -c -o your_archive.tgz.gpg

To unarchive it later, use this:

gpg -d your_archive.tgz.gpg | tar xz

Encrypting with Keys: openssl

First, create your keys. You only need to do this once, and with all subsequent archives, you can may just use the keys you created previously:

openssl genrsa -out key.pem 2048
openssl rsa -in key.pem -out key-public.pem -outform PEM -pubout

Now archive the directory or files you wish to encrypt and then save a passphrase into a file:

echo -n "your passphrase here" > key.txt

Use openssl to encrypt to encrypt your newly created archive using the file you just created:

openssl enc -aes-256-cbc -pass file:key.txt < UNENCRYPTED_FILE > encrypted.dat

Encrypt your passphrase using the public key you created in the beginning:

openssl rsautl -encrypt -pubin -inkey key-public.pem < key.txt > enc.key.txt

Save encrypted.dat and enc.key.txt in a safe and accessible place. You will need them to decrypt the archive.

In order to decrypt the archive, first decrypt your passkey text file using your private key:

openssl rsautl -decrypt -inkey key.pem < enc.key.txt > key.txt

Decrypy the file after decrypting your passkey file:

openssl enc -aes-256-cbc -d -pass file:key.txt < encrypted.dat > UNENCRYPTED_FILE

Using openssl is far more complicated, but it is more reliable and supported compared to gpg.