On 2026-01-20 10:17 +0100, ManiR wrote:
> As part of a security documentation update, we are preparing a *Cryptographic
> Bill of Materials (CBOM)* to document the cryptographic mechanisms used by
> the services deployed in our environment.
>
> We would like your guidance on the *cryptographic mechanisms used by
> PostgreSQL*, including:
>
> - The *types of cryptographic mechanisms* involved (for example, TLS/SSL
>   for client-server communication, authentication mechanisms, password
>   hashing, replication security, encryption at rest where applicable)
>
> - The *cryptographic algorithms and protocols* used
>
> - The *source or storage location* of cryptographic material (for example,
>   configuration files, certificates, private keys, system catalogs, or
>   external key management systems)
>
> - The *purpose* of each mechanism (for example, data-in-transit
>   encryption, authentication, access control, replication security)
>
> Our goal is to accurately document PostgreSQL's cryptographic controls
> for *compliance and audit purposes*. This request is for documentation
> clarity only and is *not related to vulnerability disclosure*.
>
> Any clarification or references to official PostgreSQL documentation would
> be greatly appreciated.
Some links to get you going:

https://www.postgresql.org/docs/current/encryption-options.html
https://www.postgresql.org/docs/current/ssl-tcp.html
https://www.postgresql.org/docs/current/gssapi-enc.html
https://www.postgresql.org/docs/current/ssh-tunnels.html
https://www.postgresql.org/docs/current/client-authentication.html
https://www.postgresql.org/docs/current/libpq-ssl.html
https://www.postgresql.org/docs/current/sasl-authentication.html
https://www.postgresql.org/docs/current/pgcrypto.html

-- 
Erik Wienhold
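The four CBOM columns the question asks for (mechanism type, algorithm/protocol, storage location, purpose) can largely be derived from two server-side artifacts: pg_hba.conf, which decides the authentication method and transport requirement per connection, and the ssl_* / password_encryption settings in postgresql.conf. The script below is an added illustration, not code from the PostgreSQL project or from either poster. The pg_hba.conf text and settings dictionary are constructed samples; the mapping tables summarise what the linked documentation says about each method and setting (pg_authid.rolpassword, krb_server_keyfile, ssl_ca_file and so on are the real catalog column and parameter names). It emits one CBOM entry per mechanism and flags rules an auditor would want to see remediated.

```python
"""Derive a CBOM fragment for a PostgreSQL server from its authentication and TLS
configuration.  Added example, not PostgreSQL project code; inputs are constructed samples."""
import json
from dataclasses import dataclass
from typing import Optional
# Constructed pg_hba.conf sample (columns: TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS]).
SAMPLE_PG_HBA = """
# TYPE      DATABASE     USER      ADDRESS       METHOD
local       all          postgres                peer
hostssl     all          all       10.0.0.0/8    scram-sha-256
hostssl     all          all       10.0.0.0/8    cert clientcert=verify-full
host        replication  repl      10.0.1.5/32   md5
hostgssenc  all          all       0.0.0.0/0     gss
host        all          all       0.0.0.0/0     password
"""
# Constructed sample of the relevant postgresql.conf settings.
SAMPLE_SETTINGS = {
    "ssl": "on", "ssl_cert_file": "server.crt", "ssl_key_file": "server.key",
    "ssl_ca_file": "root.crt", "ssl_min_protocol_version": "TLSv1.2",
    "password_encryption": "scram-sha-256",
}
# Connection type -> transport protection it implies.
TRANSPORT = {
    "local": "Unix-domain socket, no network encryption",
    "host": "TCP, TLS or GSSAPI encryption optional",
    "hostssl": "TCP, TLS required", "hostnossl": "TCP, TLS refused",
    "hostgssenc": "TCP, GSSAPI encryption required", "hostnogssenc": "TCP, GSSAPI encryption refused",
}
# Authentication method -> (algorithm or protocol, where the secret material lives).
AUTH_METHODS = {
    "scram-sha-256": ("SCRAM-SHA-256 (RFC 7677)", "SHA-256 verifier in pg_authid.rolpassword"),
    "md5": ("MD5 challenge-response", "MD5 hash in pg_authid.rolpassword"),
    "password": ("cleartext password", "hash in pg_authid.rolpassword; secret crosses the wire"),
    "cert": ("TLS client certificate (X.509)", "CA bundle from ssl_ca_file; key held by client"),
    "gss": ("GSSAPI / Kerberos", "server keytab named by krb_server_keyfile"),
    "peer": ("OS user identity over the socket, no cryptography", "n/a"),
}
# Methods that warrant an audit finding, outright or depending on the transport.
WEAK = {
    "md5": "MD5-based authentication; migrate the role and rule to scram-sha-256",
    "trust": "no authentication at all",
    "password": "password sent in cleartext unless the transport encrypts it",
}

@dataclass
class HbaRule:
    conn_type: str
    database: str
    user: str
    address: Optional[str]
    method: str
    options: dict

def parse_pg_hba(text: str) -> list:
    """Parse pg_hba.conf lines; 'local' rules have no ADDRESS column (the two-token netmask form is not handled)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        tok = line.split()
        if tok[0] == "local":
            database, user, address, rest = tok[1], tok[2], None, tok[3:]
        else:
            database, user, address, rest = tok[1], tok[2], tok[3], tok[4:]
        options = dict(o.split("=", 1) for o in rest[1:] if "=" in o)
        rules.append(HbaRule(tok[0], database, user, address, rest[0], options))
    return rules

def build_cbom(rules: list, settings: dict) -> list:
    """One entry for server TLS, one for password storage, one per HBA rule."""
    entries = []
    if settings.get("ssl") == "on":
        entries.append({
            "mechanism": "TLS server",
            "algorithm": "TLS, minimum " + settings.get("ssl_min_protocol_version", "(server default)"),
            "purpose": "data-in-transit encryption and server authentication",
            "material": f"{settings.get('ssl_cert_file')} / {settings.get('ssl_key_file')}",
        })
    entries.append({"mechanism": "password storage",
                    "algorithm": settings.get("password_encryption", "(server default)"),
                    "purpose": "authentication verifier at rest", "material": "pg_authid.rolpassword"})
    for r in rules:
        algo, material = AUTH_METHODS.get(r.method, ("unrecognised method " + r.method, "unknown"))
        entries.append({"mechanism": f"client authentication ({r.conn_type} {r.database} {r.user})",
                        "algorithm": algo, "material": material, "options": r.options,
                        "purpose": "authentication; transport: " + TRANSPORT.get(r.conn_type, "unknown")})
    return entries

def findings(rules: list) -> list:
    """Audit findings: weak methods, with 'password' tolerated only on encrypted transports."""
    return [f"{r.conn_type} {r.database} {r.user}: {WEAK[r.method]}" for r in rules
            if r.method in WEAK and not (r.method == "password" and r.conn_type in ("hostssl", "hostgssenc"))]

if __name__ == "__main__":
    parsed = parse_pg_hba(SAMPLE_PG_HBA)
    print(json.dumps(build_cbom(parsed, SAMPLE_SETTINGS), indent=2))
    print("\n".join("FINDING: " + f for f in findings(parsed)))
```

Run against a real server, the same mapping applies to the output of `SHOW ssl`, `SHOW password_encryption` and the pg_hba_file_rules view, which expose the same information without reading the files; pgcrypto usage inside the database and any SSH tunnelling are outside what this configuration can show and have to be inventoried separately.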
