by JulianK
1116 days ago
The idea behind private keys is that they are private and never sent anywhere, so I believe your assertion that the server knows anything about your private key is incorrect. Here's a link to Yubico with a visual diagram of how passkeys work: https://developers.yubico.com/Passkeys/How_passkeys_work.htm... But fundamentally it's very similar to how all public/private stuff works. You send people the public key and sign stuff with the private key.
First, ask yourself a simple question: how can a Yubikey store an unlimited number of FIDO2/U2F credentials? The official Yubikey documentation literally claims that Yubikeys can do that. Not "a lot". Not "more than you'll ever need". Not 10k. Not 10M. Not 10G. Unlimited.
Gosh, maybe I should use a Yubikey for mass storage on the cheap! I wonder why nobody has done this?
Second, you'll want to dig into what the contents of the "key handle" that is passed from the server, through the user agent, to the key actually are. Hint: despite the HN hive mind, I'm not wrong.
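The two comments above hinge on what an authenticator has to remember per credential. A device that wraps or derives each credential's private key from a single device secret needs no per-credential storage at all: everything it needs to recreate the key travels inside the key handle (credential ID) that the relying party stores and hands back. The sketch below is an added illustration, not code from the thread, from Yubico, or from any shipping authenticator; it models a derivation scheme of the kind Yubico has publicly described for its U2F keys, with the private key derived as HMAC(device_secret, app_id || nonce) and the key handle carrying the nonce plus an authentication tag. `WrappingAuthenticator`, `register`, `authenticate` and the reduction of the HMAC output modulo the P-256 order are simplifications chosen for illustration, and the private scalar is returned only so the behaviour can be checked; a real device would use it to sign a challenge and never expose it.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Group order of P-256; used only to reduce the derived value into a valid
# private-scalar range. The curve itself is not needed to show the derivation.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

NONCE_LEN = 32
MAC_LEN = 32


class WrappingAuthenticator:
    """Toy authenticator (illustrative, not a real product) that holds one
    device secret and keeps no per-credential state. Every credential's
    private key is recomputed from the device secret plus the key handle."""

    def __init__(self, device_secret: bytes) -> None:
        # The only secret on the device; it never leaves it.
        self._secret = device_secret

    def _derive_private(self, app_id: bytes, nonce: bytes) -> bytes:
        # priv = HMAC(device_secret, app_id || nonce)
        return hmac.new(self._secret, app_id + nonce, hashlib.sha256).digest()

    def _tag(self, app_id: bytes, priv: bytes) -> bytes:
        # Tag binds the handle to this app_id and this device so a handle
        # presented under another origin, or by another device, is rejected.
        return hmac.new(self._secret, app_id + priv, hashlib.sha256).digest()

    def register(self, app_id: bytes) -> Tuple[bytes, int]:
        """Create a credential for app_id. Returns (key_handle, private_scalar).
        The key handle is what the relying party stores; the device stores nothing."""
        nonce = os.urandom(NONCE_LEN)
        priv = self._derive_private(app_id, nonce)
        key_handle = nonce + self._tag(app_id, priv)
        return key_handle, self._to_scalar(priv)

    def authenticate(self, app_id: bytes, key_handle: bytes) -> Optional[int]:
        """Recreate the private scalar from a key handle, or return None if the
        handle was not produced by this device for this app_id."""
        if len(key_handle) != NONCE_LEN + MAC_LEN:
            return None
        nonce, tag = key_handle[:NONCE_LEN], key_handle[NONCE_LEN:]
        priv = self._derive_private(app_id, nonce)
        # Constant-time comparison: a tampered or foreign handle fails here.
        if not hmac.compare_digest(tag, self._tag(app_id, priv)):
            return None
        return self._to_scalar(priv)

    @staticmethod
    def _to_scalar(priv: bytes) -> int:
        # Reduce into [1, n-1]. The zero case is astronomically unlikely for a
        # 256-bit HMAC output; a real implementation would re-derive instead.
        scalar = int.from_bytes(priv, "big") % P256_ORDER
        return scalar if scalar != 0 else 1


def demo() -> dict:
    """Show why per-credential storage is unnecessary and what the tag buys."""
    device = WrappingAuthenticator(os.urandom(32))   # constructed test secret
    other_device = WrappingAuthenticator(os.urandom(32))
    app_a, app_b = b"https://example.test", b"https://evil.test"

    handle, scalar_at_registration = device.register(app_a)
    return {
        # Same handle + same app_id on the same device recreates the same key.
        "roundtrip": device.authenticate(app_a, handle) == scalar_at_registration,
        # Same handle under a different origin is refused (tag mismatch).
        "wrong_origin": device.authenticate(app_b, handle) is None,
        # A different device cannot use the handle at all.
        "wrong_device": other_device.authenticate(app_a, handle) is None,
        # One flipped byte in the handle is refused.
        "tampered": device.authenticate(
            app_a, handle[:-1] + bytes([handle[-1] ^ 1])) is None,
        # Two registrations yield distinct handles and keys with no new state.
        "distinct": device.register(app_a)[0] != handle,
    }


if __name__ == "__main__":
    print(demo())
```

The design point: because the handle carries the nonce and the device keeps only one secret, credential count is bounded by nothing on the device, which is exactly what "unlimited" means for such a design. The cost is that the handle, which the server stores and sends back, is security-relevant input to the device even though it contains no usable key material on its own; the tag check is what stops a handle from being replayed against a different origin.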