I have created a program called tarcrypt which takes the output of a standard tar file (focused on Gnu tar currently), and adds compressed/encrypted extensions. This encrypts the file contents while providing standard TAR headers (with extended values in the PAX header fields). The purpose is to be able to send the encrypted tar file to backup servers which ingest a tar file input, and maintain a data catalog DB for managing the backed up files.The documentation (including file format, security discussion, and usage) is at: https://www.snebu.com/tarcrypt.html and the code is in the Snebu code repository at https://github.com/derekp7/snebu.
I'd like to make sure I don't have any major design blunders prior to finalizing the release (of both tarcrypt and the updated Snebu code).
All code is GPLv3.