Private key not overwritten after deleting public key and recreating passkey. #667
Description
Describe the issue
Private key not overwritten after deleting public key and recreating passkey.
Steps to Reproduce:
1. Go to the server and delete the public key associated with a passkey.
2. Click on Create new passkey from the front-end or initiate the passkey registration process.
3. Scroll down to the point where the new private key is generated on the device.
4. See the error that the private key is generated anew instead of overwriting the old private key.
Expected behavior:
The private key should be overwritten when creating a new passkey after deleting the old public key, preserving the same Credential ID without creating a new private key.
Dependencies
- OS: Windows 11
- Browser: Chrome 110
SimpleWebAuthn Libraries
Additional context
Currently, after deleting the public key, the private key is not overwritten upon creating a new passkey. This results in a new private key being generated rather than reusing the old private key.
Possible issues may arise due to how WebAuthn handles the relationship between public and private keys. While public keys are typically stored server-side, private keys remain securely stored on the client device. However, the WebAuthn specification does not inherently support the ability to overwrite private keys, as they are meant to be uniquely generated for each credential. Therefore, it's not guaranteed that overwriting the private key is possible unless custom handling is implemented.
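A simplified model of the registration flow this issue describes, added here as an example; it is not SimpleWebAuthn code or part of the original report. `ModelAuthenticator`, `ModelServer`, `reproduceIssueFlow` and the sample RP ID and user handle are hypothetical, and the authenticator's map keyed by RP ID and user handle follows the credentials map the WebAuthn specification describes for discoverable credentials.

```javascript
// Added example: simplified model, not SimpleWebAuthn code.
const nodeCrypto = require('node:crypto');

// Hypothetical authenticator: discoverable credentials keyed by (rpId, userHandle).
class ModelAuthenticator {
  constructor() { this.credentials = new Map(); }

  // Registration: always a fresh key pair and a fresh random credential ID.
  makeCredential(rpId, userHandle) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const credentialId = nodeCrypto.randomBytes(16).toString('base64url');
    // Replaces any earlier entry for the same RP and user.
    this.credentials.set(`${rpId}|${userHandle}`, { credentialId, privateKey });
    return { credentialId, publicKey };
  }

  // Authentication: sign the server challenge with the stored private key.
  getAssertion(rpId, userHandle, challenge) {
    const cred = this.credentials.get(`${rpId}|${userHandle}`);
    if (!cred) return null;
    const signature = nodeCrypto.sign('sha256', challenge, cred.privateKey);
    return { credentialId: cred.credentialId, signature };
  }
}

// Hypothetical relying-party store: credentialId -> public key.
class ModelServer {
  constructor() { this.store = new Map(); }
  register({ credentialId, publicKey }) { this.store.set(credentialId, publicKey); }
  deleteCredential(credentialId) { return this.store.delete(credentialId); }
  verify(assertion, challenge) {
    const publicKey = assertion && this.store.get(assertion.credentialId);
    if (!publicKey) return false; // unknown credential ID: reject
    return nodeCrypto.verify('sha256', challenge, publicKey, assertion.signature);
  }
}

// Walk through the issue's steps: register, delete server-side, register again.
function reproduceIssueFlow() {
  const rpId = 'example.test', user = 'user-1'; // constructed sample values
  const auth = new ModelAuthenticator(), server = new ModelServer();
  const first = auth.makeCredential(rpId, user);
  server.register(first);
  const c1 = nodeCrypto.randomBytes(32);
  const oldAssertion = auth.getAssertion(rpId, user, c1);
  const okBefore = server.verify(oldAssertion, c1);
  server.deleteCredential(first.credentialId); // step 1 of the issue
  const rejectedAfterDelete = !server.verify(oldAssertion, c1);
  const second = auth.makeCredential(rpId, user); // steps 2-3 of the issue
  server.register(second);
  const c2 = nodeCrypto.randomBytes(32);
  const okAfter = server.verify(auth.getAssertion(rpId, user, c2), c2);
  const sameCredentialId = first.credentialId === second.credentialId;
  return { okBefore, rejectedAfterDelete, okAfter, sameCredentialId };
}
```

In this model the server-side delete never reaches the authenticator, so the second registration has to be stored as a new record under its new credential ID and public key.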