diff --git a/backups/pgp-encryption.md b/backups/pgp-encryption.md
new file mode 100644
index 0000000..a3d424b
--- /dev/null
+++ b/backups/pgp-encryption.md
@@ -0,0 +1,30 @@
+## PGP encryption
+
+```
+# work in an ephemeral directory in the RAM
+mkdir /dev/shm/tmp
+cd /dev/shm/tmp
+
+# create the cleartext files with the secrets
+
+## encrypt using GPG
+# import the pubkey of the recipient with curl
+curl https://keybase.io/${username}/key.asc | gpg --import
+# encrypt the file
+gpg --recipient ${username_or_email_or_PGPpubkey} --armor --output ${file_out} --encrypt ${file_in}
+# same in short
+gpg -ar ${username_or_email_or_PGPpubkey} -o ${file_out} -e ${file_in}
+
+## encrypt using keybase (https://keybase.io/encrypt)
+# using `keybase pgp pull` which
+# imports to GPG key chain for you
+keybase follow ${username}
+keybase pgp pull ${username}
+# encrypt
+keybase pgp encrypt -i ${file_in} -o ${file_out} ${username}
+
+# send the encrypted file(s) to the recipient(s)
+
+# secure delete the directory
+srm -r /dev/shm/tmp
+```