How do I reversibly (symmetrically) encrypt a filename (with or
without directory path, I’m OK w/ either) so that the result is also a
valid filename (less than 64 characters [or whatever the limit is], no
funny characters, ideally no spaces [but not a requirement], etc)?
Googling finds only filename encryption algorithms where the result is
a long string of binary characters (using MIME64, converting to
non-binary is easy, but this just makes the filename longer) and/or
non-symmetric one-way encryption schemes (eg, salted MD5, SHA1, DES,
etc). I don’t want to store a table of hashes: I want to decrypt the
filename with a simple key I’ve memorized.
My own attempts with things like “mcrypt -b” failed too: the resulting
output (even before converting to ASCII) grows in size very rapidly as
the filename and key length increase.
Reasoning: I plan to use an “infinite backup” service (like mozy,
blazebackup, etc), but none encrypt filenames (just file
content). I’ll create a directory that consists of encrypted filenames
with symlinks (or even hard links) to the real file. I’ll back up only
that directory (and choose my own private key), and have
filename-encrypted and filecontent-encrypted backups.
EDIT: Petey’s method worked like a charm!
# "-b 512" yields "Bits has bad value 512 (too small)"
ssh-keygen -t rsa -b 768 -f /tmp/test.rsa
echo "thisisareallylongfilenameknightswhosayniioratleastusedto" |\
openssl rsautl -inkey /tmp/test.rsa -encrypt | base64 |\
perl -0777 -pnle 's/\//-/isg;s/\n//isg'
yields a 130 character result that should always be a filename!
You could use an RSA key pair to do this. Generate an RSA key pair plus certificate, then import that into your cert store. Use the public key to encrypt your file name, then base64 encode the result. The maximum file name length for NTFS is 255 characters, so a 1024 bit RSA key should be fine; if you need shorter file names, use a 512 bit key. When you want to decrypt the file name: base64 decode the encrypted file name, then use the private key to decrypt back to the actual file name.
Not sure if there is any freeware available to do this. If you don’t want to write the program yourself, I’ll do it in .NET for you (for a small fee ;).
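The full round trip described in the answer above (encrypt, encode, decode, decrypt), as an added example that is not part of the original posts. It assumes openssl is on the PATH; the OAEP padding choice, the '_' and '-' character substitutions, the temporary key paths and the function names are assumptions made here. RSA padding is randomized, so encrypting the same name twice gives two different strings that both decrypt to the original.

```shell
#!/bin/sh
# Added example: RSA-encrypt a filename into a filename-safe string and back.
# Assumptions: openssl on PATH; key paths and function names are illustrative.
set -eu

# A temporary directory keeps the example self-contained; in real use the
# private key has to be kept, or the names can never be decrypted.
KEYDIR=$(mktemp -d)
trap 'rm -rf "$KEYDIR"' EXIT
PRIV="$KEYDIR/names.key"
PUB="$KEYDIR/names.pub"

# 1024 bits (the size suggested in the answer) gives a 128-byte ciphertext,
# i.e. 171 unpadded base64 characters. That is below current key-size
# recommendations; a 2048-bit key yields 342 characters, over the 255 limit.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:1024 -out "$PRIV" 2>/dev/null
openssl pkey -in "$PRIV" -pubout -out "$PUB"

# Encrypt with the public key (OAEP padding, max 86 plaintext bytes at 1024
# bits), then base64 with '/' and '+' swapped for '_' and '-' and '=' dropped.
encrypt_name() {
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$PUB" \
            -pkeyopt rsa_padding_mode:oaep |
        openssl base64 -A | tr '/+' '_-' | tr -d '='
}

# Reverse the character mapping, restore '=' padding, decode and decrypt.
decrypt_name() {
    b64=$(printf '%s' "$1" | tr '_-' '/+')
    while [ $(( ${#b64} % 4 )) -ne 0 ]; do b64="$b64="; done
    printf '%s' "$b64" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$PRIV" -pkeyopt rsa_padding_mode:oaep
}

# Constructed sample input (the test string from the question's EDIT).
name="thisisareallylongfilenameknightswhosayniioratleastusedto"
enc=$(encrypt_name "$name")
printf '%s chars: %s\n' "${#enc}" "$enc"
printf 'decrypted: %s\n' "$(decrypt_name "$enc")"
```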