Your method would probably do. Run through scenarios to restore to make sure you have all the pieces you need.
More general advice would be 3-2-1:
3 copies on
2 different types of media and
1 in the cloud in another timezone/continent.
For encryption of the file, you could probably do something like storing the backup file as an attachment in a Keepass entry that is encrypted with a word you can remember. That’d do, and work out on any platform where you could find a keepass app to open it. Possibilities!