public inbox for [email protected]
From: [email protected]
To: Erik Wienhold <[email protected]>
To: ManiR <[email protected]>
Cc: [email protected]
Subject: Re: Request for cryptographic mechanisms used in PostgreSQL
Date: Tue, 20 Jan 2026 11:03:25 -0800
Message-ID: <9510af9c-a300-4702-bddd-83f81297b834@Spark> (raw)
In-Reply-To: <[email protected]>
References: <CAA5LiFbFsaE1qT+iDtRf0769HG7nFuGzPDa9AJwTzEauNK8J=g@mail.gmail.com>
<[email protected]>

I hope you will consider contributing the finished document back to Postgres, if the core team is interested. This sort of documentation would be very helpful for other organizations, even if they must update it for newer versions.

On Jan 20, 2026 at 02:51 -0800, Erik Wienhold <[email protected]>, wrote:
> On 2026-01-20 10:17 +0100, ManiR wrote:
> > As part of a security documentation update, we are preparing a *Cryptographic
> > Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
> > the services deployed in our environment.
> >
> > We would like your guidance on the *cryptographic mechanisms used by
> > PostgreSQL*, including:
> >
> > - The *types of cryptographic mechanisms* involved (for example, TLS/SSL
> >   for client-server communication, authentication mechanisms, password
> >   hashing, replication security, encryption at rest where applicable)
> > - The *cryptographic algorithms and protocols* used
> > - The *source or storage location* of cryptographic material (for example,
> >   configuration files, certificates, private keys, system catalogs, or
> >   external key management systems)
> > - The *purpose* of each mechanism (for example, data-in-transit
> >   encryption, authentication, access control, replication security)
> > Our goal is to accurately document PostgreSQL’s cryptographic controls
> > for *compliance and audit purposes*. This request is for documentation
> > clarity only and is *not related to vulnerability disclosure*.
> >
> > Any clarification or references to official PostgreSQL documentation would
> > be greatly appreciated.
>
> Some links to get you going:
>
> https://www.postgresql.org/docs/current/encryption-options.html
> https://www.postgresql.org/docs/current/ssl-tcp.html
> https://www.postgresql.org/docs/current/gssapi-enc.html
> https://www.postgresql.org/docs/current/ssh-tunnels.html
> https://www.postgresql.org/docs/current/client-authentication.html
> https://www.postgresql.org/docs/current/libpq-ssl.html
> https://www.postgresql.org/docs/current/sasl-authentication.html
> https://www.postgresql.org/docs/current/pgcrypto.html
>
> --
> Erik Wienhold
>
>