The key agreement protocol provides a way for previously unacquainted parties to agree on a secret key. However, there are times when one party wants to unilaterally send a private message to another party without first interacting with the other party. Public-key encryption, first proposed by Diffie and Hellman in the early 1970's, provides a way to accomplish this.
In traditional (one-key) cryptography, the same key is used to encrypt a message as to decrypt it. Public-key cryptography discards this convention, and allows one (public) key to be used for encryption and another (the secret key) for decryption.
The set-up for public key cryptography is as follows. Every person intending to receive encrypted messages privately chooses a secret key and calculates a corresponding public key. All the public keys are made publically available. If I want to send an encrypted message to someone, I look up her public key and use it to encrypt a message to her; only she is able to decrypt it.
The idea of having different keys for encryption and decryption seems simple, but it represented a startling break with the past. It is worth considering why the discovery was so late in coming; after all, traditional cryptography has been used for a few thousand years. Why did the idea of two different keys not arise earlier?
Note that the secret key and the public key must be closely related for the decryption to work. In principle, they have the same information content. Thus it seems as if knowing one--say, the public key--would be tantamount to knowing the other. (Analogously, if you know a function, encryption, then one would think you would also know its inverse, decryption.) Thus there would be no point in having two different keys--they would only be two different ways of representing the same information.
This argument, while persuasive, is flawed, for it fails to take into account computational limitations. It is true that knowing the public key in principle enables one to calculate the secret key; however, that calculation might require so much time, even on the fastest computer, as to be impossible in a practical sense. I suspect, however, that the flawed argument was in part the reason public-key cryptography was not proposed earlier. Detecting the flaw--or even realizing that such an argument was nontrivial--required a degree of sophistication about computational processes that people lacked before the development of computers and of theoretical computer science.