In the past, this was necessary to offer end-to-end encryption in web applications. Now, we can use the WebAuthn PRF extension[0] to enable encryption directly from a passkey, without having to deal with awkward key storage[1].

[0]: https://github.com/w3c/webauthn/wiki/Explainer:-PRF-extensio...

[1]: https://confer.to/blog/2025/12/passkey-encryption