Simple and secure password protected archives

Many popular commercial applications offer the possibility to protect an archive with a password. Is there something similar for GNU/Linux?
Well, first of all one could use one of those commercial apps, but it is not advisable for at least three reasons:

  • they come with restrictive licenses;
  • they use weak algorithms (which the user can't change);
  • you have to install them by enabling non-free/multiverse repositories (at least for rar).

So, what should one do? The answer is simple: just use tar + gpg, which are respectively the best tool for archiving and the best tool for encrypting. This article briefly explains how you can put them together to create a password protected compressed archive.

To compress the whole content of directory foo and store it in a file called archive.stgz (note the extension stgz: a sort of "secure tar gz"):

$ tar cfz - foo | gpg -c -o archive.stgz

The above command creates the archive of foo (tar option c), compresses it with gzip (tar option z) and then writes it to standard output (tar option f with the argument -).
gpg then reads its standard input through the pipe and encrypts it with a symmetric algorithm using a password chosen by the user. In the end, the user obtains a new file called archive.stgz.

When the user wants to get the content back, he/she just has to run:

$ gpg -d archive.stgz | tar xfz -

The very nice aspect of this is that one can customise the above commands as he/she prefers.
For example, the user could use bzip2 in place of gzip by simply passing j instead of z to tar:

$ tar cfj - foo | gpg -c -o archive.stbz2
$ gpg -d archive.stbz2 | tar xfj -

Moreover, one could even use asymmetric cryptography instead of a shared password:

$ tar cfj - foo | gpg -s -e -o archive.stbz2
$ gpg -d archive.stbz2 | tar xfj -

For the above commands to work, the user must have at least one public+secret key pair. In addition, gpg will ask for the passphrase of the secret key it needs to sign the archive, and for the recipient (whose public key must be available in the keyring). If the option “-s” is omitted, only a recipient is required. If the option “-r” is used with a valid recipient (name or key ID), nothing is asked at all:

$ tar cfj - foo | gpg -r bar -e -o archive.stbz2

On the other hand, when decrypting, gpg will always ask for the passphrase.

If you are in a hurry and don't like to use terminals, you could write it as a nautilus script which will do it for you. It shouldn't be very difficult.

If the algorithm and the password/passphrase are strong enough, this approach is much more secure than the solution provided by the commercial products mentioned above.
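The symmetric pipeline above leaves two things to chance: gpg's default cipher and key-derivation settings, and the fact that a plain `tar | gpg` pipeline only reports gpg's exit status, so a tar failure (unreadable file, disk full) can silently produce an archive with missing content. The script below is an added example, not code from the original article; it pins the cipher and S2K settings, reads the passphrase from a file instead of the command line, captures each stage's exit status, and checks the round trip on a constructed sample tree. It assumes GNU tar and gpg 2.1 or later on PATH; the function names and all paths are the example's own.

```shell
#!/bin/sh
# Added example, not from the original article: a wrapper around the
# tar | gpg pipeline that pins the cipher and key-derivation settings instead
# of trusting gpg's defaults, reads the passphrase from a file (never argv,
# which is visible in `ps`), and does not lose tar's or gpg's exit status in
# the pipe. Assumes GNU tar and gpg 2.1+ on PATH; all paths are constructed.
set -u

# pack_secure SRC_DIR OUT_FILE PASSPHRASE_FILE   (returns 0 on success)
pack_secure() {
    st=$(mktemp); gpg_rc=0
    # A plain `tar | gpg` reports only gpg's status: record tar's separately.
    { tar czf - -C "$1" .; echo $? >"$st"; } |
        gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-file "$3" \
            --symmetric --cipher-algo AES256 \
            --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
            -o "$2" || gpg_rc=$?
    tar_rc=$(cat "$st"); rm -f "$st"
    [ "$tar_rc" -eq 0 ] && [ "$gpg_rc" -eq 0 ]
}

# unpack_secure ARCHIVE DEST_DIR PASSPHRASE_FILE   (returns 0 on success)
unpack_secure() {
    st=$(mktemp); tar_rc=0
    # Same trick in the other direction: a wrong passphrase must not be hidden
    # behind tar's status.
    { gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
          -d "$1"; echo $? >"$st"; } | tar xzf - -C "$2" || tar_rc=$?
    gpg_rc=$(cat "$st"); rm -f "$st"
    [ "$gpg_rc" -eq 0 ] && [ "$tar_rc" -eq 0 ]
}

# roundtrip_demo: constructed sample tree -> pack -> unpack -> byte compare.
# Uses a throwaway GNUPGHOME so the real keyring is never touched.
roundtrip_demo() {
    work=$(mktemp -d)
    export GNUPGHOME="$work/gnupg"; mkdir -m 700 "$GNUPGHOME"
    mkdir -p "$work/foo/sub" "$work/out"
    printf 'secret notes\n' >"$work/foo/notes.txt"            # constructed data
    head -c 4096 /dev/urandom >"$work/foo/sub/data.bin"        # constructed data
    printf 'correct horse battery staple\n' >"$work/pass"      # sample passphrase
    printf 'not the passphrase\n' >"$work/badpass"
    pack_secure "$work/foo" "$work/archive.stgz" "$work/pass" || return 1
    # A wrong passphrase must fail loudly, not yield an empty output tree.
    unpack_secure "$work/archive.stgz" "$work/out" "$work/badpass" 2>/dev/null && return 1
    unpack_secure "$work/archive.stgz" "$work/out" "$work/pass" || return 1
    cmp -s "$work/foo/notes.txt" "$work/out/notes.txt" &&
        cmp -s "$work/foo/sub/data.bin" "$work/out/sub/data.bin"
}
```

Swapping `--symmetric ...` for `-r bar -e` gives the asymmetric variant from the article with the same exit-status handling.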

Hope it helps!

Reference:

  • tar command POSIX reference manual at opengroup
  • gpg online manual page
