We are in need of an encryption process for backups of very valuable data. This data will be stored on a distributed filesystem, so even with permissions set right, it's not out of the question that this data gets copied or read. I'm searching for a reasonably simple method to encrypt tar archives and have them readable only by three individuals.
After lots of searching, I would like to know if GPG with reasonable key lengths (pub/priv keys) could be used or if a symmetric encryption scheme would be as secure. I'm favoring a public key approach because I could automate the encryption without storing the password.
The private keys or password can be transferred reasonably securely out-of-band and I would like the data to be unreadable without the keys for long term archiving.
Edit: I guess the big problem with publicly accessible backups is the key length. I don't want the data to be readable in five years. Even going to 2048 bits doesn't guarantee that a smart researcher won't come up with a new attack.
I guess if I need at least 20 years, 4096 or even 8192 bits are reasonable?
Entropy for the generation is also a factor I'm looking at, but I have a fairly good randomness source (not a PRNG) and am just checking how GPG can use it.
Any other thing I have to consider?
Edit II: The target audience is me and two colleagues, so I assume that after consulting a HowTo written by me, the other two will be able to use GPG4Win.
I'm trying to protect against users reading the files, of course. The files will be semi-available to a wider audience (think of a corporate network where every workstation is part of a distributed replicated filesystem like GlusterFS). I also need to protect the integrity of the files, not so much their availability (Gluster takes care of that).