Only CALG_DH_EPHEM is supported in the discussions that follow. The certificates used contain normal RSA or DSS public keys.