How can one encrypt/decrypt a single file ecryptfs-style without mounting the whole filesystem? I am basically looking for a gpg -e / gpg -d analogue that produces output that can be understood by ecryptfs and used in userspace.
Since I couldn't find a utility to do that, I wrote one myself. Only does extraction to stdout at the moment and doesn't support encryption. It also only supports password protected files and doesn't support public keys. This thing hasn't been tested much, so there will be bugs, but it's at least a starting point in documenting the file format somewhat (which is flawed in quite a few ways):
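An added example, not the answerer's utility (which is not reproduced on this page): a Python parser for the fixed 26-byte prefix of an eCryptfs lower file, following the header layout documented in the Linux kernel's fs/ecryptfs/crypto.c. The function names and the sample header are constructed for illustration; it identifies and validates the header only and does no key derivation or decryption.

```python
import struct

# Constants as defined in the Linux kernel's fs/ecryptfs sources.
MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5
FLAG_ENCRYPTED = 0x00000002
FIXED_HEADER_LEN = 26  # the RFC 2440-style key packet set begins at octet 26


class NotEcryptfs(ValueError):
    """Raised when the bytes do not look like an eCryptfs lower file."""


def parse_ecryptfs_header(blob: bytes) -> dict:
    """Parse octets 0-25 of an eCryptfs lower file (all fields big-endian)."""
    if len(blob) < FIXED_HEADER_LEN:
        raise NotEcryptfs("shorter than the fixed header")
    # 0-7 plaintext size, 8-15 marker (m1, m2), 16-19 flags,
    # 20-23 header extent size, 24-25 number of header extents at front.
    size, m1, m2, flags, extent_size, n_extents = struct.unpack(
        ">QIIIIH", blob[:FIXED_HEADER_LEN])
    # The marker is a random word followed by that word XOR the magic constant.
    if (m1 ^ MAGIC_ECRYPTFS_MARKER) != m2:
        raise NotEcryptfs("marker check failed")
    header_len = extent_size * n_extents
    if header_len < FIXED_HEADER_LEN:
        raise NotEcryptfs("header extents too small for the fixed header")
    return {
        "plaintext_size": size,          # stored unencrypted in the header
        "version": flags >> 24,          # octet 16 is the format version
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "header_len": header_len,        # encrypted data extents start here
        "key_packets_offset": FIXED_HEADER_LEN,
    }


def build_sample_header(size: int, m1: int = 0x11223344) -> bytes:
    """Constructed sample header (not taken from a real file)."""
    flags = (3 << 24) | FLAG_ENCRYPTED
    fixed = struct.pack(">QIIIIH", size, m1, m1 ^ MAGIC_ECRYPTFS_MARKER,
                        flags, 8192, 1)
    return fixed.ljust(8192, b"\0")


if __name__ == "__main__":
    print(parse_ecryptfs_header(build_sample_header(1234)))
```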
pgp / gpg, tar & bash have been around for a few decades now; odds are they will still be available in a few more. For making backups for long-term archiving I'd use them.
I'd go with gpg encrypting individual files (easily batched in a bash script), or even tar archive files (optionally compressed, but gpg can do that too).
Then later for seeing what's in the archives, doing a
gpg -d file.gpg | tar -tv
would list its contents without actually decrypting everything to a file, and extracting only a file or two is possible too.