How are Passkeys Generated?

Blog-Post-Author

Vincent

Created: August 21, 2024

Updated: September 10, 2024


how are passkeys generated

How Are Passkeys Generated?#

Passkeys are generated using asymmetric cryptography, where a pair of cryptographic keys - a public key and a private key- is created. The private key remains securely stored on the user's device, while the public key is shared with the server. When a user registers or logs in, their device creates this key pair, which is then used to authenticate their identity securely without ever exposing the private key.

  • Passkeys are generated using asymmetric cryptography, creating a public-private key pair.
  • The private key remains on the user's device, ensuring security.
  • Public keys are shared with the server to authenticate the user during login.

Understanding Asymmetric Cryptography in Passkeys#

Passkeys rely on asymmetric cryptography, a method that uses two distinct but mathematically linked keys - a public key and a private key. Here’s a closer look at the process:

  • Key Pair Generation: When a user initiates the creation of a passkey, their device generates a pair of cryptographic keys. The private key is stored securely on the user's device (e.g., within a secure enclave on a smartphone), and the public key is sent to the server where it is stored.

  • Registration Process: During the initial registration with a service, the user’s device creates the key pair. The private key is never shared and remains protected on the device. The public key, however, is transmitted to the server and stored along with the user's account.

  • Authentication Process: When the user attempts to log in, the server sends a challenge to the user's device. The device uses the private key to sign this challenge. The server then verifies this signature using the corresponding public key, thereby authenticating the user without ever exposing their private key.

Subreddit Icon

Discuss passkeys news and questions in r/passkey.

Join Subreddit

The Role of Public Key Infrastructure (PKI)#

Public Key Infrastructure (PKI) is fundamental to the security of passkeys. PKI manages the public keys and the digital certificates that authenticate them. PKI ensures that communication between the user's device and the server is secure, preventing man-in-the-middle attacks during the authentication process.


Share this article


LinkedInTwitterFacebook

Enjoyed this read?

🤝 Join our Passkeys Community

Share passkeys implementation tips and get support to free the world from passwords.

🚀 Subscribe to Substack

Get the latest news, strategies, and insights about passkeys sent straight to your inbox.


We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour

Start for free