Can a Diffie-Hellman key exchange algorithm be used to encrypt client-server communication on a web page in place of SSL? If it can, what are the disadvantages (i.e. why does the standard use SSL, which requires a certificate authority)? My understanding is that Diffie-Hellman can be used to secretly establish a shared key, which can then be used to encrypt any further communication.
I've actually been working on a similar problem lately myself. I don't have a working sample, but here are some points you should be aware of:
Android uses a partial Bouncy Castle package to handle most of its cryptography, but some people prefer to use their own cryptographic package (Spongy Castle is a commonly cited alternative) since Android's is incomplete. See the discussion here.
Be aware that if you choose to use some non-Android Java crypto library, Android does not support all Java packages your library may need. See my (currently unanswered) question about how to deal with that in Spongy Castle.
Hope these help!
I think you're confusing the basic Diffie-Hellman, which is a key exchange protocol, with the 'authenticated version' which uses a certificate authority (CA).
Nice explanation of how the basic Diffie-Hellman is vulnerable to man-in-the-middle from RSA Labs.
"The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. In this attack, an opponent Carol intercepts Alice's public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. Carol and Alice thus agree on one shared key and Carol and Bob agree on another shared key. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants. Possible solutions include the use of digital signatures and other protocol variants."
and it follows with the authenticated version, also known as the Station-to-Station protocol:
"Roughly speaking, the basic idea is as follows. Prior to execution of the protocol, the two parties Alice and Bob each obtain a public/private key pair and a certificate for the public key. During the protocol, Alice computes a signature on certain messages, covering the public value g^a mod p. Bob proceeds in a similar way. Even though Carol is still able to intercept messages between Alice and Bob, she cannot forge signatures without Alice's private key and Bob's private key. Hence, the enhanced protocol defeats the man-in-the-middle attack."
So the basic version is susceptible to a man-in-the-middle attack; the authenticated version that uses public key certificates is not.
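The two situations the quoted passages describe, as an added example that is not part of this answer or of the RSA Labs text: an unauthenticated exchange in which Bob has no way to notice that the value he received is not Alice's, and the Station-to-Station style fix in which Alice signs her public value and Bob verifies it against a signing key he already trusts (in TLS that trust comes from a certificate; here it is simply pinned). Everything below is constructed for the illustration: the 64-bit safe-prime group found at import time is far too small for real use, Schnorr signatures stand in for certificate-backed signatures, and the function names and the assumption that Bob holds Alice's verification key in advance are mine.

```python
import hashlib
import secrets


# --- toy group setup (constructed for this example; 64 bits is not a real-world size) ---

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic (no false positives) for n < 3.3e24."""
    if n < 2:
        return False
    small = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 64):
    """Deterministically find p = 2q + 1 with both p and q prime.
    g = 4 is a quadratic residue, so it generates the prime-order-q subgroup."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = safe_prime_group()


def hash_int(*parts) -> int:
    """Hash a sequence of values to an integer; '|' separates the encoded parts."""
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big")


# --- Schnorr signatures over the same group (stand-in for certificate-backed signatures) ---

def sign_keygen():
    x = secrets.randbelow(Q - 1) + 1          # private signing key in [1, q-1]
    return x, pow(G, x, P)                    # (private, public)


def sign(x: int, msg: bytes):
    k = hash_int("nonce", x, msg) % (Q - 1) + 1   # deterministic nonce derived from key and message
    R = pow(G, k, P)
    y = pow(G, x, P)
    e = hash_int(R, y, msg) % Q
    s = (k + e * x) % Q
    return R, s


def verify(y: int, msg: bytes, sig) -> bool:
    R, s = sig
    if not (1 < R < P and 0 <= s < Q):
        return False
    e = hash_int(R, y, msg) % Q
    return pow(G, s, P) == (R * pow(y, e, P)) % P   # g^s == R * y^e  iff  s = k + e*x


# --- Diffie-Hellman ---

def dh_keygen():
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)                    # (secret exponent, public value g^a mod p)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()


def unauthenticated_exchange(mitm: bool) -> dict:
    """Plain DH. With mitm=True Carol replaces both public values with her own; nobody can tell."""
    a, A = dh_keygen()
    b, B = dh_keygen()
    if mitm:
        c, C = dh_keygen()
        a_seen_by_bob, b_seen_by_alice = C, C
    else:
        a_seen_by_bob, b_seen_by_alice = A, B
    alice_key = dh_shared(a, b_seen_by_alice)
    bob_key = dh_shared(b, a_seen_by_bob)
    return {
        "alice_bob_agree": alice_key == bob_key,
        # the quoted text's claim: Carol shares one key with Alice and another with Bob
        "carol_shares_with_alice": mitm and dh_shared(c, A) == alice_key,
        "carol_shares_with_bob": mitm and dh_shared(c, B) == bob_key,
    }


def authenticated_exchange(mitm: bool) -> str:
    """Alice signs her public value; Bob verifies it under Alice's key, obtained beforehand
    (in TLS: from her certificate). A substituted value fails verification and is rejected."""
    alice_sk, alice_pk = sign_keygen()
    a, A = dh_keygen()
    received_A, received_sig = A, sign(alice_sk, str(A).encode())
    if mitm:
        # Carol can only sign with a key Bob does not trust; Alice's signature covers A, not C.
        _, C = dh_keygen()
        carol_sk, _ = sign_keygen()
        received_A, received_sig = C, sign(carol_sk, str(C).encode())
    if not verify(alice_pk, str(received_A).encode(), received_sig):
        return "rejected: public value is not signed by Alice"
    return "accepted"


if __name__ == "__main__":
    print("plain DH, no attacker :", unauthenticated_exchange(False))
    print("plain DH, with Carol  :", unauthenticated_exchange(True))
    print("signed DH, no attacker:", authenticated_exchange(False))
    print("signed DH, with Carol :", authenticated_exchange(True))
```

The point the second answer makes is visible in the two dictionaries: in the unauthenticated run Alice and Bob each complete the protocol successfully and simply end up with different keys, both known to Carol, with no error anywhere. The signed run fails closed instead, and the only thing Bob needed for that was a trustworthy copy of Alice's verification key, which is exactly what a certificate (and hence the CA) provides in SSL/TLS.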