At the final WebAuthn login step, how does the relying party confirm the user without ever receiving a password or private key?
The client sends back the challenge signed by the private key; the relying party verifies that signature using the public key it stored at registration — a valid signature proves possession of the private key.
This is asymmetric cryptography doing the heavy lifting:
- Only the private key (sealed in the authenticator) could have produced a signature that verifies against the stored public key.
- The relying party runs the verification locally with the public key — it needs no secret of its own and receives no secret from the user.
- A correct signature ⇒ "this is the same entity that registered the public key" ⇒ authentication succeeds.
Nothing reusable ever crosses the wire: not a password, not the private key — just a one-time signature over a one-time challenge.
Tip: Contrast with cookies/passwords, where the server stores a secret (password hash or session) that's valuable to steal. Here the server stores only a public key — breaching the relying party's database yields nothing an attacker can log in with.