Koch: A New Future for GnuPG
Posted Jan 3, 2022 20:41 UTC (Mon) by NYKevin (subscriber, #129325)
In reply to: Koch: A New Future for GnuPG by ballombe
Parent article: Koch: A New Future for GnuPG
There is no reason a separate process has to behave like /usr/bin/gpg does (i.e. en/decrypt one message at a time, then exit). You could have a gpg-like daemon and send it commands over a pipe or (Unix domain) socket. You could even order it to zero and free all heap allocations, kill itself, and relaunch at the end of each session, or separate instances could be launched by each process which wants to use GPG functionality (just make sure they kill themselves after a reasonable amount of idle time has elapsed so they can't be orphaned for too long). Such a daemon could also sandbox itself, e.g. by running inside of some sort of heavily-restricted container.
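
The per-caller helper process with an idle timeout described in the comment above, as an added sketch that is not part of the original post and is not GnuPG code. All names, the `MAC`/`QUIT` commands and the exit codes are hypothetical, an HMAC stands in for the real crypto operation, the key is a constructed sample, and sandboxing is not shown.

```python
import hmac, os, socket

DEMO_KEY = b"constructed-demo-key"   # constructed sample, not real key material
IDLE_EXIT, QUIT_EXIT = 3, 0          # hypothetical exit codes

def _helper(sock, idle_timeout):
    """Child process: serve requests until QUIT, EOF, or idle_timeout seconds of silence."""
    key = bytearray(DEMO_KEY)        # a real helper would load its key after the fork
    sock.settimeout(idle_timeout)
    code = QUIT_EXIT
    try:
        while True:
            try:
                req = sock.recv(4096)    # one small request per send; real use needs framing
            except socket.timeout:
                code = IDLE_EXIT         # nobody talked to us: do not linger as an orphan
                break
            if not req or req == b"QUIT":
                break
            if req.startswith(b"MAC "):  # HMAC stands in for the crypto operation
                sock.send(hmac.new(key, req[4:], "sha256").hexdigest().encode())
            else:
                sock.send(b"ERR unknown command")
    finally:
        key[:] = bytes(len(key))     # best-effort wipe; Python may hold other copies
        os._exit(code)               # never return into the caller's code

def spawn_helper(idle_timeout=1.0):
    """Fork a private helper for this caller; returns (socket, pid)."""
    parent, child = socket.socketpair()   # AF_UNIX stream pair
    pid = os.fork()
    if pid == 0:
        parent.close()
        _helper(child, idle_timeout)
    child.close()
    return parent, pid

def request(sock, payload):
    sock.send(payload)
    return sock.recv(4096)

def wait_exit(pid):
    """Reap the helper and return its exit code."""
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status)
```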
