---
title: Public-Private Key Authentication
framework: authenticationservices
role: collectionGroup
role_heading: API Collection
path: authenticationservices/public-private-key-authentication
---

# Public-Private Key Authentication

Register and authenticate users with passkeys and security keys, without using passwords.

## Overview

Overview Eliminating passwords simplifies account creation and authentication for apps and websites. Additionally, it reduces risks that arise from the reuse of one password across multiple services, brute force attacks, and social engineering that bad actors use to obtain credential information. By implementing public-private authentication according to the W3C Web Authentication specification, your users no longer need to remember complicated passwords or rely on password managers. Instead of using a password, your macOS, iOS, or iPadOS device, known as the authenticator, generates a public-private key pair at account creation time, and sends the public key to the server. The server, known as the relying party, holds the public key for subsequent authentication, and uses assertion to challenge the authenticator to prove its identity is valid. There are two forms of public-private key authentication: passkeys and security keys. With passkeys, the device stores its public-private key pair in the user’s iCloud Keychain and syncs the keys across the user’s devices. Security keys store the public-private key pair on a physical medium, such as a security card or a USB key.

## Topics

### Fundamentals

- [Connecting to a service with passkeys](authenticationservices/connecting-to-a-service-with-passkeys.md)
- [Supporting passkeys](authenticationservices/supporting-passkeys.md)
- [Supporting Security Key Authentication Using Physical Keys](authenticationservices/supporting-security-key-authentication-using-physical-keys.md)

### Account registration

- [ASAuthorizationPublicKeyCredentialRegistration](authenticationservices/asauthorizationpublickeycredentialregistration.md)
- [ASAuthorizationPlatformPublicKeyCredentialRegistration](authenticationservices/asauthorizationplatformpublickeycredentialregistration.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialRegistration](authenticationservices/asauthorizationsecuritykeypublickeycredentialregistration.md)
- [ASAuthorizationPublicKeyCredentialRegistrationRequest](authenticationservices/asauthorizationpublickeycredentialregistrationrequest.md)
- [ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest](authenticationservices/asauthorizationplatformpublickeycredentialregistrationrequest.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest](authenticationservices/asauthorizationsecuritykeypublickeycredentialregistrationrequest.md)

### Account authentication

- [ASAuthorizationPublicKeyCredentialAssertion](authenticationservices/asauthorizationpublickeycredentialassertion.md)
- [ASAuthorizationPlatformPublicKeyCredentialAssertion](authenticationservices/asauthorizationplatformpublickeycredentialassertion.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialAssertion](authenticationservices/asauthorizationsecuritykeypublickeycredentialassertion.md)
- [ASAuthorizationPublicKeyCredentialAssertionRequest](authenticationservices/asauthorizationpublickeycredentialassertionrequest.md)
- [ASAuthorizationPlatformPublicKeyCredentialAssertionRequest](authenticationservices/asauthorizationplatformpublickeycredentialassertionrequest.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialAssertionRequest](authenticationservices/asauthorizationsecuritykeypublickeycredentialassertionrequest.md)

### Credential providers

- [ASAuthorizationPlatformPublicKeyCredentialProvider](authenticationservices/asauthorizationplatformpublickeycredentialprovider.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialProvider](authenticationservices/asauthorizationsecuritykeypublickeycredentialprovider.md)

### Request configuration

- [ASPublicKeyCredential](authenticationservices/aspublickeycredential.md)
- [ASAuthorizationPublicKeyCredentialParameters](authenticationservices/asauthorizationpublickeycredentialparameters.md)
- [ASCOSEAlgorithmIdentifier](authenticationservices/ascosealgorithmidentifier.md)
- [ASCOSEEllipticCurveIdentifier](authenticationservices/ascoseellipticcurveidentifier.md)
- [ASAuthorizationPublicKeyCredentialAttestationKind](authenticationservices/asauthorizationpublickeycredentialattestationkind.md)
- [ASAuthorizationPublicKeyCredentialResidentKeyPreference](authenticationservices/asauthorizationpublickeycredentialresidentkeypreference.md)
- [ASAuthorizationPublicKeyCredentialUserVerificationPreference](authenticationservices/asauthorizationpublickeycredentialuserverificationpreference.md)
- [ASAuthorizationPublicKeyCredentialDescriptor](authenticationservices/asauthorizationpublickeycredentialdescriptor.md)
- [ASAuthorizationPlatformPublicKeyCredentialDescriptor](authenticationservices/asauthorizationplatformpublickeycredentialdescriptor.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor](authenticationservices/asauthorizationsecuritykeypublickeycredentialdescriptor.md)
- [ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor.Transport](authenticationservices/asauthorizationsecuritykeypublickeycredentialdescriptor/transport.md)
- [allSupported](authenticationservices/asauthorizationsecuritykeypublickeycredentialdescriptor/transport/allsupported.md)

## See Also

### Passkeys

- [Passkey use in web browsers](authenticationservices/passkey-use-in-web-browsers.md)
- [Performing fast account creation with passkeys](authenticationservices/performing-fast-account-creation-with-passkeys.md)
- [Connecting to a service with passkeys](authenticationservices/connecting-to-a-service-with-passkeys.md)