Encryption is enabled by entering an encryption key when using s3cmd --configure
If you do not enter a key, your data will not be encrypted. 

When encryption is used, S3cmd pipes the file through gnupg, saving the encrypted version as /tmp/tmpfiles-{random 20 char string}.  This encrypted file is then transferred to S3, using the original filename for S3 storage. 

Some problems can occur with encryption:  if you have a small /tmp directory and wish to encrypt files larger than the size of /tmp, it will fill up /tmp and fail.  Your server may also experience severe problems if other processes need the /tmp directory to store files.

If you kill the s3cmd process while it is in the midst of transferring an encrypted file, the temp file stored in /tmp will not be deleted, clogging up the tmp directory.  I wrote a bash script to periodically delete any old /tmp files created by s3cmd.

The encryption process uses symmetric encryption.  CAST5 (CAST128) is the default symmetric encryption alorithm in gnupg available on CentOS 5.  I edited the gpg-encrypt command line in the config file to change the algo to AES256.

I am evaluating this tool for use within my clients, and it looks good.  I did a functionality comparison with other packages and it won.  Nice job!
Otto Monnig, MSSE
Kodiak Technology Group