Just as an aside... If you *did* use pgp, and just not send the mail, you could simply have an open web server (no ssl/.htascess required), allow people to download the file, and since it's protected using pgp, it would be 'hard' to see the file contents...