You can use pgp(1) public--key encryption with both, tar(1) and afio(1) . Using afio(1) is highly recommended, unless your archives will be small. Using tar(1) together with pgp(1) encryption limits your maximum size for archives to the free disk-space in your temporary directory.
When using encryption, you will be prompted for a default pass-phrase whenever you try to read the archive. This pass-phrase will be stored in an environment variable. This is unsafe! Every other user can read your environment , so make sure you know what you are doing. If you leave it empty, pgp(1) will prompt you for the pass-phrase again and again with every singe file it decrypts. Please, do read the pgp(1) manual page and documentation before using it!
There is also a problem with afio(1) and pgp(1) : If the encrypted file is bigger than the original one, current versions of afio(1) will store it unencrypted! So check your logfiles carefully when using encryption. Future versions of afio(1) will be more supportive for encryption and KBACKUP will support the new features of afio(1) as soon as they are available.
For legal reasons, I cannot include pgp(1) with KBACKUP . Its several versions are available from ftp--servers all over the world, e.g. from ftp.th-darmstadt.de.