
> The author just says "use NaCl" here but what should I do if I am not in a position to do that but can still use ECC?

Not being in a position to use even a single-file C library like Monocypher (well, 2 compilation units if you want the optional parts) is… well, unusual.

> My understanding of ECC is that it is not really suitable for encryption as-is, as RSA was, rather it is used for key agreement (somehow through a multi-step process that I do not understand)

The steps are: once you’ve done key agreement, you have a shared key. You can then use authenticated encryption with that key. One caveat though is that key agreement often doesn’t give you an actual key, but a statistically biased shared secret. So the actual steps are:

  1. Do key agreement. You now have a shared secret.
  2. Hash your shared secret. You now have a key.
  3. Encrypt your messages with your key. Use AEAD for this.

Caveat: I omitted a number of important details, most notably forward secrecy.
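
The three steps listed above, as an added example that is not part of the original comment and is not NaCl's or Monocypher's code. It assumes Node.js's built-in `crypto` module, with X25519, SHA-256 and ChaCha20-Poly1305 standing in for those libraries' primitives; the label, the box layout and the party names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed domain-separation label (an assumption, not from the comment).
const LABEL = Buffer.from('example-ecdh-aead-v1');
const NONCE_LEN = 12, TAG_LEN = 16;
const AEAD = 'chacha20-poly1305';

function newKeyPair() {
  return crypto.generateKeyPairSync('x25519');
}

// Steps 1 and 2: X25519 key agreement, then hash the biased shared secret
// into a uniform 32-byte key.
function deriveKey(myPrivate, theirPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return crypto.createHash('sha256').update(LABEL).update(secret).digest();
}

// Step 3: AEAD. Output layout (constructed): nonce || tag || ciphertext.
function seal(key, plaintext, aad = Buffer.alloc(0)) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per message, never reused under one key
  const c = crypto.createCipheriv(AEAD, key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the box is truncated or if nonce, tag, ciphertext or aad were altered.
function open(key, box, aad = Buffer.alloc(0)) {
  if (box.length < NONCE_LEN + TAG_LEN) throw new Error('box shorter than nonce + tag');
  const nonce = box.subarray(0, NONCE_LEN);
  const d = crypto.createDecipheriv(AEAD, key, nonce, { authTagLength: TAG_LEN });
  d.setAuthTag(box.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
  d.setAAD(aad);
  return Buffer.concat([d.update(box.subarray(NONCE_LEN + TAG_LEN)), d.final()]);
}

// Demo with constructed parties: each side combines its own private key with
// the other side's public key and arrives at the same symmetric key.
const alice = newKeyPair(), bob = newKeyPair();
const kA = deriveKey(alice.privateKey, bob.publicKey);
const kB = deriveKey(bob.privateKey, alice.publicKey);
const box = seal(kA, Buffer.from('hello'), Buffer.from('hdr'));
console.log(open(kB, box, Buffer.from('hdr')).toString());
```
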

