The key to any encryption scenario is: first, the key; and then, the leakiness. The bottom-line, then, is not only that "it's more difficult than it looks," but also that "it has been done before, and done quite thoroughly."
If you have individual files to encrypt, I suggest that you obtain a copy of the gpg security suite (free, of course ...) and then read its documentation thoroughly, especially the part about keychains and digital certificates.

http://www.gnupg.org ...
http://gnupg.org/gph/en/manual.html
You want a scenario that is pragmatically simple for you to actually use, in real life, knowing that this business requirement is one that has been solved, and solved very well. You'll want to not only "keep it to yourself," but maybe also to know that a document isn't forged, hasn't been tampered with. Maybe you will need for it to be sent reliably to someone else, such that no one but the intended recipient can open it (and they'll positively know that it came from you, and that it hasn't been altered in transit), even though neither of you knows the other's private key, and so on and on. You'll want an easy way to exchange keys, through a public keyserver.
You'll want to encrypt those private keys with a passphrase, but, y'know, if you had to type it in each and every time, you'd inevitably pick a short, weak one that's easy to (re-)type. What you need, then, is a nice "keychain" that will let you "unlock" that key, use it for a few minutes, then "lock" it again. You need to be able to change that passphrase without invalidating any of the documents that were encrypted in the past. If a laptop gets nicked, you need to be able to kill those keys but not others.
Got that.
So: "we have the technology." You're not trying to break any laws here ... you just need rugged, civilian-grade security. And, in my opinion, "gpg is it."
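The "sign it, encrypt it to the recipient, and let them prove it wasn't altered in transit" scenario described above, as an added shell example that is not part of the original post: two throwaway GnuPG homes stand in for you (alice) and the recipient (bob), the names and message are constructed, and the public-key exchange is done by export/import rather than through a keyserver. It assumes gpg 2.1 or later on PATH.

```shell
#!/bin/sh
# Added example, not from the original post. Two throwaway GnuPG homes: "alice" sends,
# "bob" receives. Requires gpg >= 2.1. All names and the message are constructed.
set -eu
WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"

# One keyring per party. The empty passphrase keeps the demo non-interactive; a real
# key carries a passphrase that gpg-agent caches for a few minutes, as the post says.
g() { _h=$1; shift; gpg --homedir "$_h" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase '' "$@"; }

# Key generation, then the public-key exchange a keyserver would normally carry.
g "$ALICE" --quick-generate-key 'Alice <alice@example.invalid>' default default never 2>/dev/null
g "$BOB"   --quick-generate-key 'Bob <bob@example.invalid>'     default default never 2>/dev/null
g "$ALICE" --export alice@example.invalid | g "$BOB"   --import 2>/dev/null
g "$BOB"   --export bob@example.invalid   | g "$ALICE" --import 2>/dev/null
printf 'quarterly numbers, do not forward\n' > "$WORK/msg.txt"

# Alice signs with her private key and encrypts to Bob's public key in one pass.
send_signed_encrypted() {
  g "$ALICE" --trust-model always --local-user alice@example.invalid \
     --recipient bob@example.invalid --sign --encrypt \
     --output "$WORK/msg.gpg" "$WORK/msg.txt"
}

# Bob decrypts; succeeds only if gpg reports GOODSIG and the plaintext is intact.
receive_and_verify() {
  status=$(g "$BOB" --trust-model always --status-fd 1 \
             --output "$WORK/out.txt" --decrypt "$1" 2>/dev/null) || return 1
  printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' || return 1
  cmp -s "$WORK/msg.txt" "$WORK/out.txt"
}

# Simulate alteration in transit: flip one byte in the middle of the ciphertext.
tamper() {
  cp "$WORK/msg.gpg" "$WORK/forged.gpg"
  off=$(( $(wc -c < "$WORK/forged.gpg") / 2 ))
  printf 'X' | dd of="$WORK/forged.gpg" bs=1 seek="$off" conv=notrunc 2>/dev/null
}

send_signed_encrypted
receive_and_verify "$WORK/msg.gpg"    && ROUNDTRIP=ok     || ROUNDTRIP=fail
tamper
receive_and_verify "$WORK/forged.gpg" && TAMPER=missed    || TAMPER=detected
echo "round trip: $ROUNDTRIP, tampering: $TAMPER"
gpgconf --homedir "$ALICE" --kill gpg-agent || true
gpgconf --homedir "$BOB"   --kill gpg-agent || true
```

The GOODSIG status line is what tells Bob the file really came from Alice's key; the one-byte corruption makes gpg refuse the message rather than hand over a silently altered plaintext.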