At a company I used to work for, we used PGP this way:

  * client company and our company agree to use PGP to
    exchange private PGP encrypted files.
  * client company and our company (generate if necesary,
    and) exchange PGP public keys
  * client company develops their own methods(manual or 
    automated scripts) for encrypting files to send to
    us, *AND* for decrypting files that we send to them.
  * likewise, our company developed our own software based
    on PGP's command line batch API, for encrypting files 
    to send to clients, and for decrypting encrypted files 
    sent to us by clients.
[download]

I haven't personally used Crypt::OpenPGP, but I'd bet that all the tools are there to allow you to script both encrypting and decrypting GPG files.

What https gives you is security while your data is *being* tranferred from the browser to the server and visa-versa. If you don't have https availability, in my mind the next best thing is encrypting the data on one end, and decrypting data on on the other end. Just my opinion.