The first step is to create and maintain a local GPG encrypted mirror of the files that need to be backed up. This means that if you have 20GB of material to back up, you need at least another 20GB as a local encrypted mirror.
This mirror needs to mimic the structure of the directories to be backed up. File and directory creation, modification and deletion must be mirrored. The least expensive method to do this is simply to look at the date-stamp of a file versus its encrypted version. If a file is more recent than its encrypted copy, then it needs to be re-encrypted.
This method is not fool-proof, but pretty close. As long as hand tweaking of the encrypted copies is limited, the ”change” time of a file (you can get that using the “stat” command) is a reliable method to determine which file needs to be re-encrypted.
It should be noted that the encrypted copy of a file is actually first “tarred” (to preserve the modify time), then GPG encrypted.
There are no known commands to create a file-based GPG encrypted local mirror. A script (in Perl or other scripting languages) can be written to do this relatively easily.