Excactly. Read Secrets and Lies.
However, if you are trying to implement a real-world security system, ensuring that “your encryption engine and keys are not available for analysis” is far, far tougher than figuring out an engine and keys. In fact, it’s so tough that professional cryptographers always assume that the attacker has the encryption engine, and have done so for a few hundred years.
You missed a category, which is one of the most common:
- Symmetric (private key) encryption with public-key encryption and protocol (e.g. Diffie-Hellman) for key transmission.
This is what PGP and many other products do. Symmetric systems are desirable because they’re typically much faster than public key algorithms.
For a high-school level project, I would suggest that you write a simple Feistel cipher. The Tiny Encryption Algorithm I posted above is a Feistel cipher. Read up on them, and you should be able to implement your own design fairly easily. It won’t be secure, but at least it will be an implementation of a real-world cipher.
The tricky part of a Feistel cipher is coming up with a transform function that is secure. If you don’t really care about that, just use the XOR trick listed above in your transform function.
Feistel ciphers are good for school projects because the basic concept is simple, and you can write some pretty simple-yet-cool algorithms to make it work.