Create encrypted archives properly (ZIP vs GPG) - kevwells.com

Create encrypted archives properly (ZIP vs GPG)

Short version: For quick exchange, a passworded ZIP is fine; for stronger protection and hiding filenames, use tar piped into gpg --symmetric.

Option A — Quick ZIP (password prompt)

# Single file
zip -e backup.zip important.txt

# Whole directory (recursively)
zip -er project.zip ./project/

Note: Traditional ZIP encryption is weaker and may reveal filenames/metadata to observers. Use only for low-risk data or when the receiver can only handle ZIP.

Option B — Stronger: tar + GPG (recommended)

# Create encrypted archive (AES-256 by default on many systems)
tar -czf - ./project | gpg --symmetric --cipher-algo AES256 -o project.tgz.gpg

# Decrypt & extract
gpg -d project.tgz.gpg | tar -xzf -

Good practice

  • Choose strong passphrases; avoid reusing them across archives.
  • Store passphrases in a password manager; don’t email them alongside the file.
  • Shred temporary plaintext files after creating the archive if appropriate.
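
A scripted form of Option B that confirms the archive decrypts and lists the same paths as the source before any plaintext is removed. This is an added example, not code from the original page; the function names and the passphrase-file convention are assumptions, and it expects GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: names and the passphrase-file convention are assumptions.
set -eu

# encrypt_dir DIR OUT PASSFILE
# Stream DIR through tar into gpg; no plaintext tarball touches the disk.
# The passphrase comes from a file, so it is not visible in the process list.
encrypt_dir() (
  dir=$1; out=$2; passfile=$3
  tar -czf - -C "$(dirname "$dir")" "$(basename "$dir")" |
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" \
        --symmetric --cipher-algo AES256 -o "$out"
)

# list_archive ARCHIVE PASSFILE
# Decrypt to a pipe and print the member paths, sorted, without extracting.
list_archive() (
  archive=$1; passfile=$2
  gpg --batch --quiet --pinentry-mode loopback \
      --passphrase-file "$passfile" -d "$archive" |
    tar -tzf - | sed 's:/$::' | LC_ALL=C sort
)

# verify_archive DIR ARCHIVE PASSFILE
# Succeed only if ARCHIVE decrypts with the passphrase and holds exactly the
# paths currently under DIR. A wrong passphrase yields an empty listing.
verify_archive() (
  dir=$1; archive=$2; passfile=$3
  expected=$(cd "$(dirname "$dir")" && find "$(basename "$dir")" | LC_ALL=C sort)
  actual=$(list_archive "$archive" "$passfile")
  [ -n "$actual" ] && [ "$expected" = "$actual" ]
)
```

Keep the passphrase file readable only by its owner (mode 600) and remove it once the archive has been verified.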
