Also users wont even really be aware that they are doing ECDH key exchange in the first place. Essentially you have an address generated that looks like YourName@random-ass-but-very-small-compared-to-RSA-public-key-because-it-is-an-ecdh-public-key-plus-also-a-little-metadata-all-base64.Agora you can load the persons contact address via the GUI and this loads everything you need to communicate with the person, including their ECDH/ECDSA key (it is secure to use the same ECC key for ECDH and EDSA so there is no need to use two). This allows your client to also generate your first set of contact strings for tagging messages to the contact, although they will not know how to search for it until they load your address as well. So after loading this you can send encrypted messages addressed to the contact entirely from the GUI, entirely transparent to the user that any encryption or anything advanced is taking place. You can organize your contacts into groups and send messages to groups of people, or arbitrary selections of one or more person. In such cases the message is encrypted with a single random key and tagged with the contact strings for each of the people you are sending the message to, and an ephemeral ECDH key + 256 bit encryption of the payload key are sent with the message as well, in addition to a little bit of metadata to help keep things synched between all of the users.