If you want basic security that most people will not be able to break, what MrDinkel suggested should be good enough. Which is completely reasonable.
Of course, in this case what's between the attacker and the file is essentially the user password. It might "sound" complicated with talks of various private/public keys and symmetric keys, etc. etc. etc. and other crypto jargon, but essentially it all boils down to the user password. If the attacker has "full" access to your system, he can just brute force this. I mean, think about it. When an attacker sits infront of your computer and you sit infront of the computer, what DOESN'T he know that only you know? How many characters is it? How long will it take to brute force it?
.. The chain might be long, but it starts with a hidden knowledge of a very few characters.
But.... most people don't have the capability to break the whole chain. Even many self proclaimed computer gurus/hackers/script kiddies. So, I wouldn't worry about it.
If you want "true" data security, that's something else. We can talk about it. If you want we can continue the discussion.
FOr the time being I am going to keep the discussion here.
Since the topic of data security is independent of OSs. Even though, some solutions like ^^ do depend on it.