MIME-Version: 1.0
From: ManiR <mani.retnaswamy@gmail.com>
Date: Tue, 20 Jan 2026 14:47:36 +0530
Message-ID: <CAA5LiFbFsaE1qT+iDtRf0769HG7nFuGzPDa9AJwTzEauNK8J=g@mail.gmail.com>
Subject: Request for cryptographic mechanisms used in PostgreSQL
To: pgsql-general@postgresql.org
Content-Type: multipart/alternative; boundary="000000000000f4da770648ce47d6"
Archived-At: <https://www.postgresql.org/message-id/CAA5LiFbFsaE1qT%2BiDtRf0769HG7nFuGzPDa9AJwTzEauNK8J%3Dg%40mail.gmail.com>
Precedence: bulk

--000000000000f4da770648ce47d6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi PostgreSQL community,

As part of a security documentation update, we are preparing a *Cryptograph=
ic
Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
the services deployed in our environment.

We would like your guidance on the *cryptographic mechanisms used by
PostgreSQL*, including:

   -

   The *types of cryptographic mechanisms* involved (for example, TLS/SSL
   for client-server communication, authentication mechanisms, password
   hashing, replication security, encryption at rest where applicable)
   -

   The *cryptographic algorithms and protocols* used
   -

   The *source or storage location* of cryptographic material (for example,
   configuration files, certificates, private keys, system catalogs, or
   external key management systems)
   -

   The *purpose* of each mechanism (for example, data-in-transit
   encryption, authentication, access control, replication security)

Our goal is to accurately document PostgreSQL=E2=80=99s cryptographic contr=
ols
for *compliance
and audit purposes*. This request is for documentation clarity only and is =
*not
related to vulnerability disclosure*.

Any clarification or references to official PostgreSQL documentation would
be greatly appreciated.

Thank you for your time and support.

--000000000000f4da770648ce47d6
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><p class=3D"gmail-isSelectedEnd">Hi PostgreSQL community,<=
/p><p class=3D"gmail-isSelectedEnd">As part of a security documentation upd=
ate, we are preparing a=C2=A0<strong>Cryptographic Bill of Materials (CBOM)=
</strong>=C2=A0to document the cryptographic mechanisms used by the service=
s deployed in our environment.</p><p class=3D"gmail-isSelectedEnd">We would=
 like your guidance on the=C2=A0<strong>cryptographic mechanisms used by Po=
stgreSQL</strong>, including:</p><ul><li><p class=3D"gmail-isSelectedEnd">T=
he=C2=A0<strong>types of cryptographic mechanisms</strong>=C2=A0involved (f=
or example, TLS/SSL for client-server communication, authentication mechani=
sms, password hashing, replication security, encryption at rest where appli=
cable)</p></li><li><p class=3D"gmail-isSelectedEnd">The=C2=A0<strong>crypto=
graphic algorithms and protocols</strong>=C2=A0used</p></li><li><p class=3D=
"gmail-isSelectedEnd">The=C2=A0<strong>source or storage location</strong>=
=C2=A0of cryptographic material (for example, configuration files, certific=
ates, private keys, system catalogs, or external key management systems)</p=
></li><li><p class=3D"gmail-isSelectedEnd">The=C2=A0<strong>purpose</strong=
>=C2=A0of each mechanism (for example, data-in-transit encryption, authenti=
cation, access control, replication security)</p></li></ul><p class=3D"gmai=
l-isSelectedEnd">Our goal is to accurately document PostgreSQL=E2=80=99s cr=
yptographic controls for=C2=A0<strong>compliance and audit purposes</strong=
>. This request is for documentation clarity only and is=C2=A0<strong>not r=
elated to vulnerability disclosure</strong>.</p><p class=3D"gmail-isSelecte=
dEnd">Any clarification or references to official PostgreSQL documentation =
would be greatly appreciated.</p><p>Thank you for your time and support.</p=
></div>

--000000000000f4da770648ce47d6--