Hacker News

When in doubt, don't reinvent the wheel. If TLS covers your use case, use TLS.

Unfortunately, it appears that you are not at all doomed if you don't know security well. I say "unfortunately" because I'd rather have fewer secure products than the massive array of insecure products we enjoy today.



And I think a large part of that is because of the unbelievably irresponsible legislation on the matter - where the punishment for "hacking" is often punitive, but the punishment for negligence is often non-existent.

I think it's kind of like cars and the corresponding (lack of) traffic & vehicle safety rules a century ago: right now it's everybody for themselves, but what you really need are rules that encourage those in a position to cause improvement to actually improve.

Developers like us and firms that employ them need to be liable for security exploits - preferably with good enforcement with many small fines rather than a few "examples" that get the book thrown at them. And hackers, even if dubiously motivated, shouldn't be driven underground by punitive measures because that causes a really unhealthy head-in-the-sand dynamic.



