FCC guidelines 97.113.4 enjoin amateurs to not use ciphers or codes.
https://www.govinfo.gov/content/pkg/CFR-2002-title47-vol5/pdf/CFR-2002-title47-vol5-sec97-113.pdf is the published language.
But we do use “accepted codes” like Q-abbreviations and some legacy railroad CW vestiges. Certainly you can’t develop “73” into the meant “best regards” without a lookup (code) table, or figure out that QRP means “low power” typically a few watts or less, and that QRO means “high power” usually over 1kw.
Most digital modes are “encoded” but because the methodology is widely known and available it isn’t considered as a “cipher” – yet as an exception certain Pactor modes are proprietary requiring a third party technology-license/equipment to unravel. Certainly seems a “cipher” but is accepted by the FCC as “allowed.” D-Star is another one that gets brought up as seemingly more a cipher/code than not.
Resolving what is “okay” and what is “not allowed” isn’t exactly straight forward, as a lot appears to depend on intentions. Some discussions can be found at https://www.amateurradio.com/encryption-is-already-legal-its-the-intention-thats-not/
So I am not certainly going to be able to provide any guidance on what is truly allowed, and everything that follows I offer as for use in emergency only and not via ham radio unless you have received permission to do so.
One of the easiest and most secure if pads are kept secure is the one-time pad method of encryption. You can find an example and information at Amrron
A very cool system that I have trained people with, is the Diana Cryptosystem. Both parties need the same keys and while tediously slow the system offers decent security. I’ve seen variants of the system used by professionals overseas when we captured their observers.
Here is a video:
And if you want to buy a wheel, you can get them here:
Effectively the same system can be done with lookup tables, and some military types memorize all the combinations so they don’t need wheels or tables.
I find it effective to make up a worksheet for encoding/decoding. In my training five-letter groups are used and some exercises introduce common errors so the trainee has encountered them at least once before.
Some folks I’ve taught can be considered masters but unfortunately the system is slow and practice time consuming, so many run out of time/interest once they have the basics down.
As both parties need the same “keys” and “keys shouldn’t be reused, you need to figure out a way you want to handle your “keys.” I’ve seen systems where short messages carry “pointers” to pre-encrypted messages and to the key to be used to decrypt them, which can make for a decent system that avoids ready decryption if someone else has them. With enough information and technology that pre-distributed system will give up its message though.
In many ways encryption is about delaying the reading of your messages by others (as their computer cracking systems will need time to work through your system) and upping the resources required to break your code above the perceived value of information.
Good luck playing around and leave me comments if you want to learn more. Everything I will teach is 100% publicly available, so don’t be afraid to venture out on your own in your learning.
Do remember that if it ends up in both unencrypted and encrypted forms on your electronic devices that your security has shrunk by several orders of magnitude. Hence the focus on manual systems.