Existing physical layer security schemes are inapplicable to legacy devices operating on long coherence-time channels, since they demand changes in the physical layer. To this end, a new physical-layer security scheme is developed to secure legacy clients. In this scheme, secret keys are generated by a client and transmitted to the access point (AP). To protect these keys, a separated device called secrecy protector (SP) transmits jamming signals to prevent eavesdroppers from overhearing the keys. The SP is equipped with multiple antennas, each of which transmits an independent jamming stream with a pseudo-preamble. Since the SP can share jamming signals with the AP secretly, the AP can use a certain analog network coding scheme to remove jamming signals and decode the keys. In contrast, eavesdroppers have no knowledge of jamming signals to decode the keys. However, the long coherence-time channels are vulnerable to eavesdroppers, as they can guess the channel coefficients in a brute force way and then remove the jamming signals. Thus, frequency diversity is exploited to enhance the security of the system. Moreover, the design of jamming mechanisms resists collusion among eavesdroppers. Therefore, secret keys can be secretly shared between the AP and a client. The developed scheme is implemented on a software-defined radio platform. Performance results demonstrate that it can effectively deliver secure communications without any changes to the physical layer of legacy clients.