encrypted pk8 keys work with libpg connection but not in postgres_fdw - Mailing list pgsql-bugs

From Hunter Payne
Subject encrypted pk8 keys work with libpg connection but not in postgres_fdw
Date
Msg-id j4NR4f-fYjDanZvfgbMCCk_qxwKVMWrSM6XV4mJSTgTeK3wTsEMVX9Ux15bKmNB43T08u7LrT2I4wnl30LNPhCGlEsSbMkXsvlqbcxNxFUA=@proton.me
List pgsql-bugs
Hello,
I am using mTLS SSL encryption with postgres. It works and even accepts an encrypted pk8 file. I found two things that perhaps will help your team out.

  1. The pk8 file must use this flag on the openssl pkcs8 command to generate the pk8 file: -v1 pbeWithSHA1And3-KeyTripleDES-CBC. The PgJDBC docs are wrong about this and state to use -v1 PBE-MD5-DES, which doesn't work. I think the docs just weren't updated when the encryption was updated at some point in the past.
  2. When I use postgres_fdw to make the same JDBC connection, it only works if I use an unencrypted pk8 file to hold the sslkey.

I am using postgres in the alpine docker container (16.3-alpine3.20).  Please let me know if and when this changes and I can use encrypted pk8 files to hold keys in postgres_fdw too.

Thank you,
Hunter
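
Added example, not part of the original message and not PostgreSQL or PgJDBC code: a Python check that reads the header of a DER-encoded .pk8 file and reports whether the key is encrypted and with which PBE scheme, covering the two -v1 algorithms named in the message (PBE-MD5-DES is OpenSSL's short name for pbeWithMD5AndDES-CBC). The function names and sample bytes are assumptions constructed for illustration.

```python
# Added example: report how a DER-encoded PKCS#8 (.pk8) key is protected.
# Assumes DER input, not PEM. Sample bytes are constructed, not real keys.
PBE_OIDS = {
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
    "1.2.840.113549.1.5.3": "pbeWithMD5AndDES-CBC",
    "1.2.840.113549.1.5.13": "PBES2",
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length

def decode_oid(body):  # OID content bytes -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    top = min(arcs[0] // 40, 2)  # first sub-identifier packs the first two arcs
    return ".".join(map(str, [top, arcs[0] - 40 * top] + arcs[1:]))

def classify_pk8(der):  # -> ("unencrypted", None) or ("encrypted", scheme)
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (decode PEM first)")
    tag, inner, _ = read_tlv(der, start)
    if tag == 0x02:  # PrivateKeyInfo starts with INTEGER version
        return ("unencrypted", None)
    oid_tag, oid_start, oid_end = read_tlv(der, inner)
    if tag != 0x30 or oid_tag != 0x06:  # AlgorithmIdentifier { OID, params }
        raise ValueError("not an EncryptedPrivateKeyInfo")
    oid = decode_oid(der[oid_start:oid_end])
    return ("encrypted", PBE_OIDS.get(oid, oid))

REST = "300e0408" + "00" * 8 + "020208000410" + "00" * 16  # dummy salt, count, data
SAMPLE_3DES = bytes.fromhex("3030301c060a2a864886f70d010c0103" + REST)
SAMPLE_MD5_DES = bytes.fromhex("302f301b06092a864886f70d010503" + REST)
SAMPLE_PLAIN = bytes.fromhex("3015020100" + "0410" + "00" * 16)
```

To check a real file, pass its bytes, for example `classify_pk8(open(path, "rb").read())`, where `path` is the location of the .pk8 file.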
