I am not a crypto maven, which means my ability to analyze the strength of various crypto systems is poor, although people say PGP is good at encrypting files and messages. I also had the thought of encrypting a file with one encryption scheme on top of another one - encrypting my file with one encryption scheme, and encrypting that encrypted file with another encryption scheme - although that idea is so obvious I am sure it is not a novel idea.
What is slightly novel is if I use a system with some tested (but uncertain) strength like PGP, and within it encrypt something with my own rolled crypto - this might protect me somewhat. Outside is the battle tested crypto of something like PGP. Inside is my own crypto system which might have some weaknesses, but which will probably take some hours of people working and analyzing it. Even if it can be cracked with 24 hours of analysis by skilled cryptographers, it still means it is not just spewed out of some computer somewhere as a trivially cracked message. Skilled cryptographers do not grow on trees, so my bet is that
#1 - Odds are something like PGP is not cracked, or at least a superpower can only crack a small percentage of messages a year in terms of computing power, so I am relying on it not being cracked or being hard enough to crack that my message is not deemed worthy
#2 - If it turns out PGP is quick and trivial to crack, I am relying on my message still not being deemed worthy enough to merit a few of the scarce labor hours of skilled cryptographers.
The consensus is that cryptography works. Even the NSA can't get past a properly encrypted message with PGP (assuming you use PGP correctly, and I've heard its UX is horrible). So, one layer of encryption is enough. No need to make your life more complicated.
The biggest fear is not that the crypto itself breaks, but that implementations don't actually implement the crypto correctly. At this point it's mostly a matter of being reasonably sure the software is bug free. Exacting, but not impossible, especially if it's kept simple.
"Modern E2E encryption is like sending and receiving messages with a top security truck, but then on arrival, storing them in a tent."
The biggest problem is security weaknesses at the end-point. Your selfie is travelling securely over the wire, and then it reaches the end-point device where there are typically 100's of unfixed vulnerabilities:
The consensus among cryptography engineers about PGP is not especially positive. And the consensus about "cascading" cryptosystems, like your own home-rolled system inside of, say, libsodium crypto_box, is overwhelmingly negative; don't do that.