I have seen GnuPG, but I am totally lost on how to install this on my Windows server, never mind get the form encrypted. Has anyone had any experience with this that could shed some light for me?
Thanks!
Kevin
The server needs an installation of GnuPG, and the public key of the person who needs to get the data sent. You may choose to also have a public/private key pair for the server, so that you can sign the order data to verify that it did indeed come from your server. However, remember that you should *never* keep the key to which you are encrypting the credit card data on the server.
The person receiving the order data, of course, needs either GnuPG or PGP and their own public/private key pair. If you create a key pair for the server to sign with, then the recipient needs a copy of the server's public key.
When you get an order, you can use shell_exec() [php.net] or a relative to run GPG on the order data, in order to get the encrypted (and optionally signed) text to be used as the body of the message. Ideally, the credit card data would be sent to GPG on standard input, rather than written to disk, but I'm not sure if any of the PHP execution functions allow you to define stdin for the command you are calling. Temporary named pipes (looks like a file, smells like a file, but it's a pipe) might be a solution to that problem.
Once you've got the blob of encrypted text back from your GPG call, you can just use mail() to send the blob to the appropriate person. That person then feeds the message to GPG or PGP, types in the password for their private key, and gets the plain text donation info.
Unfortunately, as I said, I have no idea how to do much of anything with Windows. I don't touch it when I can help it, and I can usually help it.
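The flow described in the reply above (run GPG on the order data, then mail the ciphertext), as an added example that is not from the original thread. It uses PHP's proc_open() so the card data goes to gpg on stdin rather than to disk, which answers the stdin question raised above. Assumptions: gpg is on the server's PATH, the recipient's public key has already been imported into the web server user's keyring, and the placeholder fingerprint and addresses are stand-ins for your own.

```php
<?php
// Added example, not code from the thread. Encrypts order data to the
// recipient's public key only; no private key is needed or kept on the server.

function encryptOrderForRecipient(string $plaintext, string $recipient): string
{
    $descriptors = [
        0 => ['pipe', 'r'],   // stdin: the order data is written here
        1 => ['pipe', 'w'],   // stdout: ASCII-armored ciphertext
        2 => ['pipe', 'w'],   // stderr: gpg diagnostics
    ];
    // --batch/--yes: never prompt; --trust-model always: skip the web-of-trust
    // check for a key we imported deliberately. escapeshellarg() keeps the
    // recipient string from being interpreted by the shell.
    $cmd = 'gpg --batch --yes --trust-model always --armor --encrypt '
         . '--recipient ' . escapeshellarg($recipient);
    $proc = proc_open($cmd, $descriptors, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Order data is small, so write-then-read is safe; for large inputs the
    // write and read would have to be interleaved to avoid a pipe deadlock.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $ciphertext = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0 || strpos($ciphertext, '-----BEGIN PGP MESSAGE-----') === false) {
        // Never fall back to mailing plaintext; fail the request instead.
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $ciphertext;
}

// Constructed sample order; in practice this is assembled from the submitted form.
// The card number is the standard Visa test number, not a real card.
$order = "Order #12345\nName: Jane Example\nCard: 4111111111111111 exp 12/30\n";

// Placeholder fingerprint: replace with the recipient's actual key fingerprint.
$body = encryptOrderForRecipient($order, 'RECIPIENT_KEY_FINGERPRINT_PLACEHOLDER');
mail('orders@example.com', 'Encrypted order', $body);
```

Running `gpg --list-keys` as the web server user is the quick check that the recipient key was imported into the right keyring; a wrong keyring is the usual reason this fails with "No public key".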