
I'm interested in chat client capacity implemented on top of something like keybase.io. Anyone?


I remember reading somewhere that PGP is not suited for realtime web chats. Can't explain precisely why or cite sources, though.


It's because asymmetric cryptography is very inefficient, so most protocols just use asymmetric public/private keys to send a symmetric key (AES, etc) to the recipient, so further communications can happen over the much more efficient symmetric keys.


That and PGP, AFAIK, also doesn't really do perfect forward secrecy. If you get the private key, you can decrypt all stored messages.

That said, you provide the answer: use PGP's asymmetric encryption to establish a session key, then use that to communicate.


That's actually how PGP works too - it generates a random symmetric key, encrypts the message with it, then encrypts that key with the recipient's public key and both message and encrypted symmetric key are sent.

http://en.m.wikipedia.org/wiki/Pretty_Good_Privacy#/media/Fi...
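The two points made in the thread above (PGP wraps a random session key to the recipient's long-term key, and that design gives no forward secrecy), as an added example that is not from any commenter. It assumes a demo-sized Diffie-Hellman group, an ElGamal-style key wrap, and a SHA-256 counter keystream standing in for AES, so that it runs on the Python standard library alone; all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: demo-sized group (Mersenne prime 2^521 - 1), not for production use.
P = 2**521 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES: SHA-256 counter keystream; the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pgp_style_encrypt(recipient_pub: int, msg: bytes):
    # Random session key encrypts the message; the session key is wrapped
    # to the recipient's long-term public key (ElGamal-style here).
    session_key = secrets.token_bytes(32)
    e_priv, e_pub = keypair()
    wrapped = stream_xor(kdf(pow(recipient_pub, e_priv, P)), session_key)
    return e_pub, wrapped, stream_xor(session_key, msg)

def pgp_style_decrypt(recipient_priv: int, packet) -> bytes:
    e_pub, wrapped, body = packet
    session_key = stream_xor(kdf(pow(e_pub, recipient_priv, P)), wrapped)
    return stream_xor(session_key, body)

def ephemeral_session():
    # Both sides use throwaway keys; long-term keys would only sign the
    # public halves (authentication omitted). Private halves are discarded.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return kdf(pow(b_pub, a_priv, P)), (a_pub, b_pub)

def demo():
    lt_priv, lt_pub = keypair()                 # recipient's long-term key
    msg = b"constructed sample chat line"
    recorded = pgp_style_encrypt(lt_pub, msg)   # stored ciphertext
    wrapped_ok = pgp_style_decrypt(lt_priv, recorded) == msg
    key, transcript = ephemeral_session()
    ct = stream_xor(key, msg)
    guess = kdf(pow(transcript[0], lt_priv, P))  # long-term key applied to transcript
    return wrapped_ok, stream_xor(guess, ct) == msg
```

`demo()` returns whether a later copy of the long-term private key opens the stored PGP-style message and whether it opens the ephemeral-session message.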



