It is not clear you need signatures in the secure phone case. Eric Blossom's 3DES uses straight DH for key exchange with verbal verification that both ends are using the same key.
How does Eric's box display the negotiated key to the user? (I don't recall the pair I saw having displays).
Latest versions have an LCD display that reports the type of crypto being used (3DES), as well as 24 bits worth of SHA-1 of the public exponentials exchanged. Alice sends g^x mod p, Bob sends g^y mod p. Let m = min(g^x mod p, g^y mod p) and n = max(g^x mod p, g^y mod p). compute v = SHA (concat (OCTET_REP (m), OCTET_REP (n))). Display the high 24 bits of v.
Also I thought it would be kind of cute if there were some way for phones to exchange their signature keys `face to face' as well.
Currently, absent some kind of widely deployed public key infrastructure, there are no signature keys used. This also means that the units do *not* contain any long term secrets, just the session key which is destroyed at the end of the call. Eric