Do realize that key exchange alone is often not secure. You must also authenticate the other party or parties.
Do use off-the-shelf solutions for session establishment, such as SSL/TLS.
Do ensure that you read all the fine print to make sure you have strongly authenticated every party.
Consider calling in a cryptographer if you insist on using custom solutions.
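The "fine print" in practice: a TLS session is only authenticated if certificate verification and name checking are switched on, and a server does not authenticate clients unless told to. The following is an added example, not code from the original text, and the function names (`audit`, `hardened_client`, `unauthenticated_client`, `default_server`, `mutual_auth_server`) are hypothetical. It builds Python `ssl` contexts and reports which parties each one leaves unauthenticated.

```python
import ssl

def audit(ctx, role, client_auth_expected=False):
    """Return a list of authentication gaps in an SSLContext (hypothetical helper)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate not verified")
        if not ctx.check_hostname:
            findings.append("server name not checked against certificate")
    elif role == "server":
        if client_auth_expected and ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("client certificate not required")
    return findings

def hardened_client():
    # Library defaults: verify the chain and match the host name.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def unauthenticated_client():
    # Encrypts traffic but performs key exchange with whoever answers.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def default_server():
    # A server context does not request a client certificate by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def mutual_auth_server():
    # Requires a client certificate; a real deployment also calls
    # load_cert_chain() and load_verify_locations() with its own files.
    ctx = default_server()
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

if __name__ == "__main__":
    print("hardened client:", audit(hardened_client(), "client"))
    print("unauthenticated client:", audit(unauthenticated_client(), "client"))
    print("default server:", audit(default_server(), "server", True))
    print("mutual-auth server:", audit(mutual_auth_server(), "server", True))
```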