I understand passkeys as authentication through a private/public key generated by the client when creating the credential, with the private key staying client side and the public key kept server side, with some more details around it to make the whole thing discoverable/automatable.

To me the best explanation was just to go to the passkeys.io site, the subject is complicated enough that analogies tend to introduce a lot of cognitive noise IMHO.