Should we always use a hybrid encryption protocol to share information?

Nowi — Sat, 04 Apr 2026 01:04:51 +0000

Whenever we think about sharing information securely, we think about encryption, sharing keys, and the best approach, which is often called "hybrid cryptography." But is it really necessary to expend so many resources on one-way, single messages?

For these types of messages, it's not so necessary. Let me give you an example to see why: we need to share a specific piece of data, just one, some coordinates, a unique message to verify activity or to initiate an action... The first thing we might think of is to start with the protocol as we know it. We would begin by creating an asymmetric key pair (RSA/ECC), then create the symmetric key (AES/ChaCha20), and then share the public keys among the users, finally sharing the symmetric keys to perform encryption and secure sharing. But this clearly doesn't make sense; these types of protocols are used for persistent connections, and that's clearly not our situation.

If you've noticed, we recently shared encrypted data without any issues: that data was the symmetric key. What if we replaced that shared symmetric key with the data we need to share, and at the same time, prevent the user sharing the data from creating an asymmetric key pair?

In this way, we've created a secure system for sharing unique, non-persistent data. It works like this: The user who will receive the information creates an asymmetric key pair (RSA/ECC) and sends the (signed) public key. Then, the user who wants to share the data encrypts it with that public key and finally shares it with the user who will receive it, who then decrypts it with their private key. This way, both parties can share the information, and the connection is clean and secure.

NothingK

Nowi — Sat, 04 Apr 2026 00:28:52 +0000

A local password manager with symmetric cryptography and no possibility of tracking.

cuadratico / NothingK

Nothing K is a digital vault for storing your passwords using symmetric cryptography, specifically the AES algorithm with a 256-bit key size and GCM operating mode. As extras, you can review the log history and generate passwords with a proprietary generator.

NothingK?

A digital vault for storing passwords with symmetric cryptography. NothingK uses AES256/GCM. NothingK also includes a password generator, encrypted logs and a file export and import system.

Important notice!

NothingK is not a collaboration with Nothing (company), meaning that no Nothing Technology (company) developers or any of its technology have been used in the development of NothingK. NothingK is my own project, developed with open-source technologies and under legal licenses.

Where to download NothingK

So far, NothingK is only available in this repo, Izzysoft, androidfreeware and OpenAPK. It's also being approved for F-Droid. Other platforms not mentioned that contain NothingK may not be secure. Be careful.

APK Security V0.3.21-Pokemon_X

https://www.virustotal.com/gui/file/ab8650d199fbbe6de5e4b63e3214c4eac8e92c38b6b4fd4a4a883b8d1f3fbf8b?nocache=1

APK Scan V0.3.19-Stardew_Valley.1

An analysis with MOBFS has also been performed.

security note (57/100)
Trackers Detection (0/432)

Technologies used

Languages: Kotlin and SQL
Tools: AES256/GCM, AndroidKeyStore, security and Biometric Library (Android), PBKDF2 (Key derivation algorithm) and Json

Screenshots

View on GitHub

DEV Community: Nowi