Source: mightypile https://askubuntu.com/a/829835
I do this with asymmetric key encryption. That means I have a public key (that I can share with anyone I'd like to send me encrypted packages) which allows me to encrypt the package. I also have a private key (that I do not share) which allows me to decrypt the package.
My commands to encrypt the current working directory: the -e to encrypt, the -r to specify a "recipient" or key to use, the -o to specify the output file.
$ tar -cvz . | gpg -e -r ABCD1234 -o backup.tgz.gpg
And to decrypt to the current working directory:
$ gpg -d backup.tgz.gpg | tar -xz
Or to decrypt to a standard tgz file for later unpacking:
$ gpg -o backup.tgz -d backup.tgz.gpg
Of course, this only works if I have already generated a public-private key pair and installed it with gpg. In my case, I have done so using Digital Ocean's guide at https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages-on-an-ubuntu-12-04-vps. The ABCD1234 in the encryption command refers to one of the public keys installed on my system. This guide also covers how to share your public key and install others' public keys to send and receive encrypted files.