If I have both a message (M) and a public key (P) in a process memory, what would be the way to encrypt M using P without writing either to a temporary intermediate file?
Any chance I can pass both into stdin and use some tricky protocol gpg(2) supports to accept both from pipe?
If not, what would be the other alternatives for PHP (keeping in mind there is no native binding and using 3rd-party extensions is not possible; they are not in the standard Ubuntu repository, and supporting a custom build and a custom repository is too costly)?
To large parts, this is my answer from a similar question posted on Server Fault. Replicated as cross-site duplicates are not possible.
GnuPG requires all keys you want to use to be imported into a keyring.
If you don't want to import it to your normal keyring, either use another (temporary) keyring, or even a temporary GnuPG home directory (which will also bypass any configuration). If you do not want to store the key on your hard disk, consider using a memdisk.
Set --primary-keyring temporary.gpg to use (and create if necessary) a temporary keyring as default. It will be created in your GnuPG home directory (~/.gnupg/temporary.gpg by default). Your normal keyring will still be available, but imports will go to the temporary one. Delete it as you want to.
For example:
gpg --primary-keyring temporary.gpg --import key.asc
gpg --primary-keyring temporary.gpg --recipient 0xDEADBEEF --encrypt
rm ~/.gnupg/temporary.gpg # can be omitted, not loaded by default
Using a temporary GnuPG home directory will also reset all configuration, and might be helpful for testing some stuff. Set --homedir [folder] or the environment variable $GNUPGHOME, import the key, perform any operations and then delete the folder as you wish to.
For example:
export GNUPGHOME=/tmp/gnupg # Or apply --homedir on each invocation
gpg --import key.asc
gpg --recipient 0xDEADBEEF --encrypt
rm -r $GNUPGHOME # Can be omitted
unset GNUPGHOME  # unset takes the variable name, not its value
GnuPG is very picky regarding permissions; you might need to apply stricter permissions to the $GNUPGHOME folder before being able to perform all operations. It might very well be an option to keep some playground $GNUPGHOME around.
There is an official PHP PEAR module for GnuPG, which is also packaged for Ubuntu in the official repositories, and I would strongly recommend using this module instead of manually building an interface to GnuPG.
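The temporary home directory approach from the answer above, driven from PHP so that neither the key nor the message is written to a file by the caller: both are fed to gpg over stdin, and the throwaway home directory is removed afterwards. This is an added example, not code from the original answer or from GnuPG or the PEAR module; it assumes a gpg binary on PATH, uses --batch so gpg never prompts, and uses --trust-model always because a freshly imported key has no ownertrust and gpg would otherwise refuse to encrypt to it in batch mode. The function names (gpgEncryptInMemory, runGpg, rmTree) are this example's own.

```php
<?php
// Added example (not from the original answer): encrypt an in-memory message to
// an in-memory public key by piping both through stdin into a throwaway GnuPG
// home directory. Assumes `gpg` is on PATH (pass 'gpg2' as $gpgBin otherwise).

function runGpg(array $argv, string $stdin): string
{
    $cmd  = implode(' ', array_map('escapeshellarg', $argv));
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException("cannot start: $cmd");
    }
    // Write everything first, then read; fine for key/message sizes below the
    // pipe buffer. For very large inputs interleave writes and reads with stream_select().
    fwrite($pipes[0], $stdin);
    fclose($pipes[0]);
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("gpg exited with status $status: $stderr");
    }
    return $stdout;
}

function rmTree(string $dir): void
{
    foreach (scandir($dir) as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $path = "$dir/$entry";
        if (is_dir($path) && !is_link($path)) {
            rmTree($path);
        } else {
            unlink($path);
        }
    }
    rmdir($dir);
}

function gpgEncryptInMemory(string $publicKeyArmored, string $message, string $gpgBin = 'gpg'): string
{
    // Throwaway home directory, created with the 0700 permissions gpg insists on.
    // The imported key still lands in this directory's keyring, so point this at a
    // memdisk (e.g. /dev/shm) if the key must never touch persistent storage.
    $home = sys_get_temp_dir() . '/gnupg-' . bin2hex(random_bytes(8));
    if (!mkdir($home, 0700, true)) {
        throw new RuntimeException("cannot create $home");
    }

    try {
        // 1. Import the public key from stdin; nothing is written by us except the keyring.
        runGpg([$gpgBin, '--homedir', $home, '--batch', '--quiet', '--import'], $publicKeyArmored);

        // 2. Read back the fingerprint of what was imported, so the recipient is
        //    addressed exactly rather than by a short id or user id string.
        $list = runGpg([$gpgBin, '--homedir', $home, '--batch', '--with-colons',
                        '--with-fingerprint', '--list-keys'], '');
        $fpr = null;
        foreach (explode("\n", $list) as $line) {
            $f = explode(':', $line);
            if ($f[0] === 'fpr') {          // field 10 of an fpr record is the fingerprint
                $fpr = $f[9];
                break;
            }
        }
        if ($fpr === null) {
            throw new RuntimeException('no key found in the imported material');
        }

        // 3. Encrypt the message from stdin and return ASCII-armored ciphertext.
        //    --trust-model always: the temporary keyring has no ownertrust data,
        //    so without it gpg refuses the untrusted recipient in batch mode.
        return runGpg([$gpgBin, '--homedir', $home, '--batch', '--quiet',
                       '--trust-model', 'always', '--armor',
                       '--recipient', $fpr, '--encrypt'], $message);
    } finally {
        // Stop the agent that gpg may have started for this home, then drop the directory.
        try {
            runGpg(['gpgconf', '--homedir', $home, '--kill', 'gpg-agent'], '');
        } catch (RuntimeException $e) {
            // older GnuPG without gpgconf --kill, or no agent was started; nothing to do
        }
        rmTree($home);
    }
}

// Usage: $armoredKey and $message are already in memory (e.g. fetched from a
// database or a request); the path to a key file is never needed.
// echo gpgEncryptInMemory($armoredKey, $message);
```

Every gpg call carries --homedir explicitly rather than exporting GNUPGHOME, so a web server running several requests in parallel cannot have one request's temporary home leak into another's process environment.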