by lxgr
962 days ago
> But essentially it's a certificate... so I wonder why no private key export? Maybe because current implementation uses some CA that binds you to the issuer?

It's a private key, not a certificate (at least not without using attestation). But there is currently no portable specification of WebAuthn credentials; each authenticator is free to implement its own storage backend, and in fact some hardware authenticators deterministically re-derive the private key from an internal secret and the key handle before each signature. Others store a randomly generated key in local storage, indexed by the key handle; yet others encrypt a randomly generated key and make that encrypted key part of the key handle. The point being: not all implementations can even support key imports, and there's no standardized serialization format for key exports yet.
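The three storage designs the comment lists (derive-on-demand, stored-and-indexed, wrapped-inside-the-handle) are easiest to compare side by side. The following is an added, constructed illustration and not code from any real authenticator or from the commenter: HMAC-SHA256 stands in for the ECDSA signature, the key-wrapping step is a labelled toy rather than a real AEAD, and the class and method names are invented. What it shows is where the private key physically lives in each model, and why only two of the three have anywhere to put an imported key.

```python
"""Constructed model of three ways a WebAuthn authenticator can bind a
private key to a key handle. HMAC-SHA256 replaces the real ECDSA signature
and the wrap is a toy, not an AEAD; the point is key storage, not the math."""
import hashlib
import hmac
import secrets


def derive(secret: bytes, info: bytes) -> bytes:
    """One-step HMAC-based KDF (a real device would use HKDF or its own scheme)."""
    return hmac.new(secret, info, hashlib.sha256).digest()


def sign(private_key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the per-credential signature over the server challenge."""
    return hmac.new(private_key, challenge, hashlib.sha256).digest()


class DerivedKeyAuthenticator:
    """Model 1: only a device secret is stored; the private key is recomputed
    from secret + RP id + key handle on every signature and never written down."""

    supports_import = False

    def __init__(self) -> None:
        self._device_secret = secrets.token_bytes(32)

    def make_credential(self, rp_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        # A tag bound to the RP lets the device reject handles it did not mint.
        tag = derive(self._device_secret, b"tag" + rp_id.encode() + nonce)[:16]
        return nonce + tag

    def _private_key(self, rp_id: str, key_handle: bytes) -> bytes:
        nonce, tag = key_handle[:16], key_handle[16:]
        expected = derive(self._device_secret, b"tag" + rp_id.encode() + nonce)[:16]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("key handle was not issued by this device for this RP")
        return derive(self._device_secret, b"key" + rp_id.encode() + nonce)

    def sign(self, rp_id: str, key_handle: bytes, challenge: bytes) -> bytes:
        return sign(self._private_key(rp_id, key_handle), challenge)

    def import_private_key(self, rp_id: str, private_key: bytes) -> bytes:
        # There is no per-credential slot at all, so an arbitrary key cannot be accepted.
        raise NotImplementedError("derived-key device has no storage for an imported key")


class StoredKeyAuthenticator:
    """Model 2: a random key per credential kept in local storage, indexed by handle."""

    supports_import = True

    def __init__(self) -> None:
        self._store: dict[tuple[str, bytes], bytes] = {}

    def make_credential(self, rp_id: str) -> bytes:
        return self.import_private_key(rp_id, secrets.token_bytes(32))

    def sign(self, rp_id: str, key_handle: bytes, challenge: bytes) -> bytes:
        return sign(self._store[(rp_id, key_handle)], challenge)

    def import_private_key(self, rp_id: str, private_key: bytes) -> bytes:
        key_handle = secrets.token_bytes(16)
        self._store[(rp_id, key_handle)] = private_key  # import is just another insert
        return key_handle


class WrappedKeyAuthenticator:
    """Model 3: random key per credential, encrypted under a device secret and
    carried inside the key handle, so the device itself stays stateless."""

    supports_import = True

    def __init__(self) -> None:
        self._wrap_key = secrets.token_bytes(32)

    def _wrap(self, rp_id: str, private_key: bytes) -> bytes:
        # Toy wrap: HMAC-derived keystream XOR plus an RP-bound tag. Not a real AEAD.
        nonce = secrets.token_bytes(16)
        stream = derive(self._wrap_key, b"stream" + nonce)
        ct = bytes(a ^ b for a, b in zip(private_key, stream))
        tag = derive(self._wrap_key, b"tag" + rp_id.encode() + nonce + ct)[:16]
        return nonce + ct + tag

    def _unwrap(self, rp_id: str, key_handle: bytes) -> bytes:
        nonce, ct, tag = key_handle[:16], key_handle[16:48], key_handle[48:]
        expected = derive(self._wrap_key, b"tag" + rp_id.encode() + nonce + ct)[:16]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("key handle failed integrity check for this device/RP")
        stream = derive(self._wrap_key, b"stream" + nonce)
        return bytes(a ^ b for a, b in zip(ct, stream))

    def make_credential(self, rp_id: str) -> bytes:
        return self._wrap(rp_id, secrets.token_bytes(32))

    def sign(self, rp_id: str, key_handle: bytes, challenge: bytes) -> bytes:
        return sign(self._unwrap(rp_id, key_handle), challenge)

    def import_private_key(self, rp_id: str, private_key: bytes) -> bytes:
        return self._wrap(rp_id, private_key)  # import = wrap a key we did not generate
```

Run against a fixed 32-byte key, the stored and wrapped devices both accept an import and then produce the same signature a plain `sign()` with that key does, while the derived device has nowhere to keep it and refuses. The RP-bound tag in models 1 and 3 is also what stops a handle minted for one relying party from being replayed against another, which is the behaviour a server-side check of the credential id relies on.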