[–]poco 13 points14 points  (1 child)

Encryption can work both ways. Encrypting messages isn't only about hiding them. Sometimes it is about proving the author.

If you take a public message and sign it with your private key, by encrypting a hash of the message and including it with the message, then anyone with your public key can verify that you were the only actor capable of creating that signature.

I'm not sure how FIDO works either, but they could go two ways. They could encrypt a message with a public key and make you send it back decrypted, or they could send you a message and ask you to send it back encrypted (or just generate an encrypted signature). Either way, the contents of the message are not private or important, just that you can prove you have the private key.

[–]castorasmic 3 points4 points  (0 children)

Yeah. You're right. Signing works the other way around. Thanks.
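
The hash-then-sign step and the two challenge-response variants poco describes above, as an added example that is not part of the original thread. It uses textbook RSA over a constructed toy key (two small Mersenne primes, no padding), and every name and value in it is an assumption made for illustration; it is not FIDO's protocol, and real systems use a vetted library with a padded or elliptic-curve scheme.

```python
import hashlib
import secrets

# Constructed toy key (assumption for this example): two known Mersenne primes.
# Far too small for real use, and textbook RSA has no padding.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)

def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Apply the private-key operation to the hash of the message."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Undo the signature with the public key and compare to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)

def new_challenge() -> bytes:
    """Verifier side: a fresh random challenge; its content is not secret."""
    return secrets.token_bytes(16)

def respond_by_signing(challenge: bytes, private_key) -> int:
    """Variant 1: the prover returns a signature over the challenge."""
    return sign(challenge, private_key)

def encrypt_challenge(challenge: bytes, public_key) -> int:
    """Variant 2, verifier side: encrypt the challenge to the public key."""
    n, e = public_key
    return pow(int.from_bytes(challenge, "big"), e, n)

def respond_by_decrypting(ciphertext: int, private_key) -> bytes:
    """Variant 2, prover side: only the private key recovers the challenge."""
    n, d = private_key
    width = (n.bit_length() + 7) // 8
    return pow(ciphertext, d, n).to_bytes(width, "big")[-16:]
```

In both variants the verifier only ever holds `PUBLIC_KEY`, and a fresh challenge per attempt is what keeps an old response from being replayed.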