Reputation: 31
I am building an app with SvelteKit and I have decided to implement passkeys as a form of authentication.
So, I started researching them and found out that at their foundation is the concept of an asymmetric key pair (a client-side-only private key that signs, and a public key stored on the server that verifies a “challenge”).
I became interested in the private key because I wanted to use it to encrypt some other data and experiment with it a bit on the client. However, after searching online and asking Claude AI, it seems that it is impossible to get the private key…
So, as I mentioned, my webapp is being built in SvelteKit; moreover, I am using simplewebauthn/server and simplewebauthn/browser to implement the passkey authentication in my app. So is there any way I can get access to the private key as an in-memory variable after calling await startRegistration(options) or await startAuthentication(options)?
Here is the code I want to work (registration example):
    async function handlePasskeyRegistration() {
      const optionsResponse = await fetch(endpoint, init);
      const options = (await optionsResponse.json()).options;
      const result = await startRegistration(options);
      const privateKey = somehowGetPrivateKey();
      console.log(privateKey);
    }
Upvotes: 0
Views: 377
Reputation: 1240
A passkey's private key is, as the name states, private, and is not accessible to relying parties.
WebAuthn is an API for authenticating a user. Raw signatures are not currently possible, although there are some proposals to add this capability. You can derive secrets using the PRF extension for some encryption use cases, but please keep in mind that this is brittle and can have a big blast radius if a user deletes a passkey.
Upvotes: 0
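The PRF-based approach the answer mentions, as an added example that is not part of the original question or answer: the PRF output is stretched with HKDF into a key-encryption key that wraps a random data key, and a second wrapped copy under a recovery secret keeps the data readable if the passkey is deleted. The names `kekFromPrf`, `wrapDek`, `unwrapDek`, the `INFO` label and the recovery-secret slot are assumptions of this sketch, and the PRF bytes are constructed stand-ins for what the authenticator would return.

```javascript
// In a browser the PRF bytes come from
//   credential.getClientExtensionResults().prf.results.first
// after requesting extensions: { prf: { eval: { first: salt } } } in the WebAuthn call.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webCrypto.subtle;
const INFO = new TextEncoder().encode("example-app/dek-wrap/v1"); // hypothetical context label

// HKDF over an unlock secret -> non-extractable AES-256-GCM key-encryption key (KEK).
async function kekFromPrf(secret, hkdfSalt) {
  const ikm = await subtle.importKey("raw", secret, "HKDF", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt: hkdfSalt, info: INFO },
    ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Wrap the data-encryption key (DEK) for one unlock secret; store the returned slot server-side.
async function wrapDek(dekBytes, secret) {
  const hkdfSalt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12));
  const kek = await kekFromPrf(secret, hkdfSalt);
  const wrapped = new Uint8Array(await subtle.encrypt({ name: "AES-GCM", iv }, kek, dekBytes));
  return { hkdfSalt, iv, wrapped };
}

// Recover the DEK; AES-GCM authentication makes a wrong secret reject instead of returning garbage.
async function unwrapDek(slot, secret) {
  const kek = await kekFromPrf(secret, slot.hkdfSalt);
  return new Uint8Array(await subtle.decrypt({ name: "AES-GCM", iv: slot.iv }, kek, slot.wrapped));
}

// Constructed demo values: random bytes stand in for the PRF output and a recovery secret.
async function demo() {
  const dek = webCrypto.getRandomValues(new Uint8Array(32));
  const passkeyPrf = webCrypto.getRandomValues(new Uint8Array(32));
  const recovery = webCrypto.getRandomValues(new Uint8Array(32));
  const slots = { passkey: await wrapDek(dek, passkeyPrf), recovery: await wrapDek(dek, recovery) };
  const viaPasskey = await unwrapDek(slots.passkey, passkeyPrf);
  const viaRecovery = await unwrapDek(slots.recovery, recovery); // path used if the passkey is gone
  const wrongSecret = await unwrapDek(slots.passkey, recovery).then(() => "ok", () => "rejected");
  const same = (a, b) => a.length === b.length && a.every((x, i) => x === b[i]);
  return { passkeyOk: same(viaPasskey, dek), recoveryOk: same(viaRecovery, dek), wrongSecret };
}
```

The DEK, not the PRF-derived key, is what encrypts user data, so adding or removing a passkey only adds or removes one wrapped slot.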