| From: | ManiR <mani(dot)retnaswamy(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Request for cryptographic mechanisms used in PostgreSQL |
| Date: | 2026-01-20 09:17:36 |
| Message-ID: | CAA5LiFbFsaE1qT+iDtRf0769HG7nFuGzPDa9AJwTzEauNK8J=g@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi PostgreSQL community,
As part of a security documentation update, we are preparing a *Cryptographic
Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
the services deployed in our environment.
We would like your guidance on the *cryptographic mechanisms used by
PostgreSQL*, including:
-
The *types of cryptographic mechanisms* involved (for example, TLS/SSL
for client-server communication, authentication mechanisms, password
hashing, replication security, encryption at rest where applicable)
-
The *cryptographic algorithms and protocols* used
-
The *source or storage location* of cryptographic material (for example,
configuration files, certificates, private keys, system catalogs, or
external key management systems)
-
The *purpose* of each mechanism (for example, data-in-transit
encryption, authentication, access control, replication security)
Our goal is to accurately document PostgreSQL’s cryptographic controls
for *compliance
and audit purposes*. This request is for documentation clarity only and is *not
related to vulnerability disclosure*.
Any clarification or references to official PostgreSQL documentation would
be greatly appreciated.
Thank you for your time and support.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Erik Wienhold | 2026-01-20 10:51:35 | Re: Request for cryptographic mechanisms used in PostgreSQL |
| Previous Message | Nicolas Seinlet | 2026-01-20 08:50:33 | pg_trgm upgrade to 1.6 led to load average increase |