The evolution of passkeys and WebAuthn is not only advancing passwordless authentication—it is also unlocking new capabilities in the realm of data security. Among the most significant recent developments is the ability to use passkeys, in conjunction with the WebAuthn PRF (Pseudo-Random Function) extension, to securely encrypt and decrypt files. This represents a powerful new use case for passkeys, offering users phishing-resistant, hardware-backed, and password-free file encryption.
What Is WebAuthn?
WebAuthn (Web Authentication API) is a W3C standard widely adopted by web browsers and platforms to enable secure, public-key-based user authentication. Traditionally, WebAuthn has been used to authenticate users via security keys, biometrics, or device credentials, eliminating the need for passwords.
With the rise of passkeys—credentials backed by public-private key pairs stored in secure hardware and often synchronized across devices through platforms like iCloud or Google Password Manager—WebAuthn has become both ubiquitous and seamless for end users.
The PRF Extension: Unlocking Symmetric Key Capabilities
The introduction of the PRF extension (Pseudo-Random Function) significantly extends the capabilities of WebAuthn credentials. Instead of merely confirming a user’s identity, credentials that support the PRF extension can return a 32-byte secret derived from the user’s credentials and a relying party-provided input.
In practice, this allows applications to derive symmetric encryption keys from a passkey, provided the user is present and verified. Eureka! This marks a turning point: WebAuthn can now be used not only for authentication but also as a key derivation function (KDF) for secure file encryption.
Encryption with Passkeys in Practice
With the wider support of the PRF extension in modern platforms, encryption libraries can now leverage passkeys to protect files. A notable example is Typage 0.2.3, a TypeScript port of the age file encryption tool. Typage supports the WebAuthn PRF extension, allowing developers to derive file encryption keys securely from passkeys.
Using Typage, a developer can create a new passkey specifically for encryption:
await age.webauthn.createCredential({ keyName: "My Encryption Key" });
When a file is encrypted using this credential, the encryption key is derived from the PRF output. Decryption requires presence verification via the same passkey—biometric authentication, PIN, or approved device confirmation—ensuring that encrypted files cannot be decrypted without user involvement.
Benefits of Passkey-Based Encryption
Passkey-based file encryption offers multiple security and usability benefits:
- Phishing Resistance: Passkeys are bound to the domain or application they were created with, making it impossible to reuse them on malicious sites.
- Hardware-Backed Secrets: Secrets are derived inside secure hardware modules (TPMs, secure enclaves) and cannot be exported.
- User Verification: Every encryption or decryption operation requires user interaction, including biometric checks or PIN entry.
- No Password Fatigue: Users do not need to remember or manage encryption passphrases.
This model aligns with modern user expectations around security: strong protection with minimal friction.
Platform and Ecosystem Support
Adoption of the PRF extension is growing:
- Browsers: As of mid-2024, Chrome 132+, Safari in iOS 18/macOS 15+, and Firefox (with flags) support the necessary PRF features.
- Platforms: Apple, Google, and Microsoft platforms all support passkeys, with secure key storage and syncing.
- Security Keys: Hardware tokens like YubiKey support similar functionality via the
hmac-secretFIDO2 extension, though these keys are typically not syncable across devices.
Use Cases and Limitations
Passkey-based encryption is ideal for:
- Local encrypted backups
- Secure offline vaults
- Cloud-stored encrypted files
- User-controlled data on shared or untrusted systems
However, it comes with some caveats:
- Symmetric Encryption Only: The PRF-generated key is symmetric. It cannot be used for asymmetric operations like signing or public-key encryption.
- Credential Portability: Credentials stored in a browser or synced password manager may not be portable to other applications or devices.
- Asymmetric Recovery: Without recovery mechanisms, losing access to a passkey can make file recovery impossible.
