Re: Request for cryptographic mechanisms used in PostgreSQL

From: dmurvihill(at)gmail(dot)com
To: Erik Wienhold <ewie(at)ewie(dot)name>, ManiR <mani(dot)retnaswamy(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Request for cryptographic mechanisms used in PostgreSQL
Date: 2026-01-20 19:03:25
Message-ID: 9510af9c-a300-4702-bddd-83f81297b834@Spark
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-general

I hope you will consider contributing the finished document back to Postgres, if the core team is interested. This sort of documentation would be very helpful for other organizations, even if they must update it for newer versions.
On Jan 20, 2026 at 02:51 -0800, Erik Wienhold <ewie(at)ewie(dot)name>, wrote:
> On 2026-01-20 10:17 +0100, ManiR wrote:
> > As part of a security documentation update, we are preparing a *Cryptographic
> > Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
> > the services deployed in our environment.
> >
> > We would like your guidance on the *cryptographic mechanisms used by
> > PostgreSQL*, including:
> >
> > -
> >
> > The *types of cryptographic mechanisms* involved (for example, TLS/SSL
> > for client-server communication, authentication mechanisms, password
> > hashing, replication security, encryption at rest where applicable)
> > -
> >
> > The *cryptographic algorithms and protocols* used
> > -
> >
> > The *source or storage location* of cryptographic material (for example,
> > configuration files, certificates, private keys, system catalogs, or
> > external key management systems)
> > -
> >
> > The *purpose* of each mechanism (for example, data-in-transit
> > encryption, authentication, access control, replication security)
> >
> > Our goal is to accurately document PostgreSQL’s cryptographic controls
> > for *compliance
> > and audit purposes*. This request is for documentation clarity only and is *not
> > related to vulnerability disclosure*.
> >
> > Any clarification or references to official PostgreSQL documentation would
> > be greatly appreciated.
>
> Some links to get you going:
>
> https://www.postgresql.org/docs/current/encryption-options.html
> https://www.postgresql.org/docs/current/ssl-tcp.html
> https://www.postgresql.org/docs/current/gssapi-enc.html
> https://www.postgresql.org/docs/current/ssh-tunnels.html
> https://www.postgresql.org/docs/current/client-authentication.html
> https://www.postgresql.org/docs/current/libpq-ssl.html
> https://www.postgresql.org/docs/current/sasl-authentication.html
> https://www.postgresql.org/docs/current/pgcrypto.html
>
> --
> Erik Wienhold
>
>

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Nico Williams 2026-01-20 20:04:05 Re: Request for cryptographic mechanisms used in PostgreSQL
Previous Message Matt Magoffin 2026-01-20 18:36:42 Collation with upper and numeric comparing in unexpected way