From T12453:
create a standalone library (which can be reused by the extensions consuming the GPG keys) for one more level of wrapping, either around the PECL library or the command-line gpg tool directly. Unfortunately both of those require using a keyring. We probably don't want to leave around public keys (which might be secret) in /var/www/.gnupg/pubring.gpg of random machines; we also don't want to break other extensions using GPG by permanently changing the home directory. So we need to do something like: create temp dir -> set GNUPGHOME environment variable to temp dir -> run GPG commands -> reset GNUPGHOME and delete temp dir (use a scoped callback or something similar to make sure this happens). This kind of sucks but should be doable.