Simplest way I can think to explain it is that it’s similar in concept to SSL. If you understand SSL you should be able to understand passkeys.