public inbox for [email protected]
Re: Request for cryptographic mechanisms used in PostgreSQL
* Re: Request for cryptographic mechanisms used in PostgreSQL
@ 2026-01-20 10:51 Erik Wienhold <[email protected]>
2026-01-20 19:03 ` Re: Request for cryptographic mechanisms used in PostgreSQL [email protected]
0 siblings, 1 reply; 2+ messages in thread
From: Erik Wienhold @ 2026-01-20 10:51 UTC (permalink / raw)
To: ManiR <[email protected]>; +Cc: pgsql-general
On 2026-01-20 10:17 +0100, ManiR wrote:
> As part of a security documentation update, we are preparing a *Cryptographic
> Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
> the services deployed in our environment.
>
> We would like your guidance on the *cryptographic mechanisms used by
> PostgreSQL*, including:
>
> - The *types of cryptographic mechanisms* involved (for example, TLS/SSL
>   for client-server communication, authentication mechanisms, password
>   hashing, replication security, encryption at rest where applicable)
> - The *cryptographic algorithms and protocols* used
> - The *source or storage location* of cryptographic material (for example,
>   configuration files, certificates, private keys, system catalogs, or
>   external key management systems)
> - The *purpose* of each mechanism (for example, data-in-transit
>   encryption, authentication, access control, replication security)
>
> Our goal is to accurately document PostgreSQL’s cryptographic controls
> for *compliance and audit purposes*. This request is for documentation
> clarity only and is *not related to vulnerability disclosure*.
>
> Any clarification or references to official PostgreSQL documentation would
> be greatly appreciated.
Some links to get you going:
https://www.postgresql.org/docs/current/encryption-options.html
https://www.postgresql.org/docs/current/ssl-tcp.html
https://www.postgresql.org/docs/current/gssapi-enc.html
https://www.postgresql.org/docs/current/ssh-tunnels.html
https://www.postgresql.org/docs/current/client-authentication.html
https://www.postgresql.org/docs/current/libpq-ssl.html
https://www.postgresql.org/docs/current/sasl-authentication.html
https://www.postgresql.org/docs/current/pgcrypto.html
--
Erik Wienhold
* Re: Request for cryptographic mechanisms used in PostgreSQL
2026-01-20 10:51 Re: Request for cryptographic mechanisms used in PostgreSQL Erik Wienhold <[email protected]>
@ 2026-01-20 19:03 ` [email protected]
0 siblings, 0 replies; 2+ messages in thread
From: [email protected] @ 2026-01-20 19:03 UTC (permalink / raw)
To: Erik Wienhold <[email protected]>; ManiR <[email protected]>; +Cc: pgsql-general
I hope you will consider contributing the finished document back to Postgres, if the core team is interested. This sort of documentation would be very helpful for other organizations, even if they must update it for newer versions.
On Jan 20, 2026 at 02:51 -0800, Erik Wienhold <[email protected]>, wrote:
> On 2026-01-20 10:17 +0100, ManiR wrote:
> > As part of a security documentation update, we are preparing a *Cryptographic
> > Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
> > the services deployed in our environment.
> >
> > We would like your guidance on the *cryptographic mechanisms used by
> > PostgreSQL*, including:
> >
> > - The *types of cryptographic mechanisms* involved (for example, TLS/SSL
> >   for client-server communication, authentication mechanisms, password
> >   hashing, replication security, encryption at rest where applicable)
> > - The *cryptographic algorithms and protocols* used
> > - The *source or storage location* of cryptographic material (for example,
> >   configuration files, certificates, private keys, system catalogs, or
> >   external key management systems)
> > - The *purpose* of each mechanism (for example, data-in-transit
> >   encryption, authentication, access control, replication security)
> >
> > Our goal is to accurately document PostgreSQL’s cryptographic controls
> > for *compliance and audit purposes*. This request is for documentation
> > clarity only and is *not related to vulnerability disclosure*.
> >
> > Any clarification or references to official PostgreSQL documentation would
> > be greatly appreciated.
>
> Some links to get you going:
>
> https://www.postgresql.org/docs/current/encryption-options.html
> https://www.postgresql.org/docs/current/ssl-tcp.html
> https://www.postgresql.org/docs/current/gssapi-enc.html
> https://www.postgresql.org/docs/current/ssh-tunnels.html
> https://www.postgresql.org/docs/current/client-authentication.html
> https://www.postgresql.org/docs/current/libpq-ssl.html
> https://www.postgresql.org/docs/current/sasl-authentication.html
> https://www.postgresql.org/docs/current/pgcrypto.html
>
> --
> Erik Wienhold
>
>