Traditionally, most people think of cryptography as using a secret password to encrypt and decrypt data. This is known as Symmetric encryption. The same password, or what is known as the key, is used to encrypt and decrypt. The well known AES algorithm is an example of a symmetric encryption algorithm.
Symmetric algorithms are fast and strong, but they have one major weakness, How do you share the secret key with someone whom you want to communicate, without a 3rd party intercepting it?
Diffie Hellman is a well known algorithm and one of the earliest solutions to this problem. Conceptualised by Ralph Merkle and Published in 1976 by Whitfield Diffe and Martin Hellman, The algorithm allows two parties to share a secret key across an untrusted communications channel.
The algorithm works by both parties generating their own secret and then combining it with another, shared value before transmitting over the network. The operation to separate the two values once combined is extremely expensive to reverse (on current hardware). Using the mixed values, both sides combine the mixed values they received from the other party with their own secret value to arrive at the same value independently. This means they can both arrive at the same secret without ever having to transmit it across the network.
Diffie Hellman is not an encryption algorithm like RSA, it is a Key Exchange algorithm. Its purpose is not to encrypt data but to allow a secret key to be shared between two parties that is then safe to be used as the key to another algorithm such as AES. The confusion sometimes arises when Diffie Hellman is referred to as a public key technology, The public key in this case being the shared value both parties exchange at the beginning of the algorithm. It is not a public key encryption algorithm however, as it it cannot be used to convert a piece of plain text into cypher text.
There are multiple versions of Diffie Hellman but all follow the same basic principle. The original version uses a multiplicative group of integers modulo p, where p is prime and g is a primitive root modulo p. Another variation used Elliptic curves. The elliptic curve variation Diffie Hellman is easily utilised within the .NET framework using the ECDiffieHellmanCng class.
Summary
Use Diffie Hellman if you need to share a secret for use in key generation across an untrusted communications channel. Diffie Hellman alone, cannot be used to encrypt data. It can be used to share a secret key for use in a symmetric algorithm such as AES.
Coding N Stuff 