(In all honesty, I don't believe you. I presume you're paying those invoices, in which case whatever attacker you have in mind can just follow the money and monitor the metadata to learn everything they need to know about those invoices. Or, more likely, your threat model is "nobody's seriously gonna snoop on my payments to this supplier; I just think it's fun to play with PGP.")
What threat model is this?!
(In all honesty, I don't believe you. I presume you're paying those invoices, in which case whatever attacker you have in mind can just follow the money and monitor the metadata to learn everything they need to know about those invoices. Or, more likely, your threat model is "nobody's seriously gonna snoop on my payments to this supplier; I just think it's fun to play with PGP.")