What is Diffie-Hellman used for?

Diffie-Hellman is used to agree on a secret key over an insecure channel. By exchanging public values derived from each party’s private numbers, both sides compute the same shared secret without ever sending it directly. This shared secret can then be used to derive symmetric keys to encrypt the conversation, so an eavesdropper can’t recover the session key from what’s transmitted. When used in its ephemeral form, it also provides forward secrecy, so past communications stay protected even if private keys are compromised later. This differs from binding identities to keys (PKI certificates), encrypting data at rest (which is about encrypting stored data), or generating digital signatures (which signs data to verify authenticity).