(Using PGP to automatically decrypt & encrypt files)
Your plan seems to involve storing passphrases on disk
somewhere. In order to do this well, set up a group of machines with
no function other than encryption/decryption, and then trust those
machines to do the job properly.
Make sure each one only takes data signed by an approved
party, and then decrypts it, and sends it off somewhere secure. The
reason for doing this on a separate machine is to restrict what that
machine does to a base minimum. You are forced to trust things that
appear to be coming from that machine, so once you've decrypted, you
should sign the data before sending it out.
Also, you should create at least 3 keys-- one to sign
outgoing stuff, one to decrypt incoming stuff, and one to sign
incoming stuff after decryption. This might not buy you very much at
all, but keys are cheap.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
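
The flow described in the message above (accept only data signed by an approved party, decrypt it, then sign the result before passing it on), sketched against GnuPG's `--status-fd` output. This is an added example, not part of the original post; the fingerprint, sample status text, file paths and `resign_key` are constructed assumptions, and the machine's keys are assumed usable in `--batch` mode.

```python
import os
import subprocess

# Constructed fingerprint standing in for the one approved submitter.
APPROVED_SIGNERS = {"A" * 40}
# gpg status keywords that mean the input must be rejected outright.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
          "DECRYPTION_FAILED", "NODATA"}
# Constructed sample of `gpg --status-fd` output for a good, approved message.
SAMPLE_STATUS = ("[GNUPG:] DECRYPTION_OKAY\n"
                 "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Approved Sender\n"
                 "[GNUPG:] VALIDSIG " + "A" * 40 +
                 " 2024-01-01 1704067200 0 4 0 1 8 00 " + "A" * 40 + "\n")


def approved_signer(status_text, approved=APPROVED_SIGNERS):
    """Return the approved primary-key fingerprint that signed the data, else None."""
    signers, decrypted = set(), False
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return None
        if keyword == "DECRYPTION_OKAY":
            decrypted = True
        elif keyword == "VALIDSIG" and args:
            # The 10th field, when present, is the primary key of a signing subkey.
            signers.add(args[9] if len(args) >= 10 else args[0])
    # Require successful decryption and exactly one signer, who is on the list.
    if decrypted and len(signers) == 1 and signers <= approved:
        return signers.pop()
    return None


def decrypt_check_resign(src, plain, signed, resign_key):
    """Decrypt src, enforce the signer policy, then sign the plaintext for downstream."""
    res = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--output", plain,
                          "--decrypt", src], capture_output=True, text=True)
    signer = approved_signer(res.stdout)
    if res.returncode != 0 or signer is None:
        if os.path.exists(plain):
            os.remove(plain)  # gpg may have written plaintext before the check failed
        raise PermissionError("not decrypted and signed by an approved party")
    subprocess.run(["gpg", "--batch", "--local-user", resign_key, "--output", signed,
                    "--sign", plain], check=True)
    return signer
```

The policy is checked against the full key fingerprint from `VALIDSIG` rather than the short key ID or user name in `GOODSIG`, since those are not unique.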