Change the encryption/compression information in the FAQ #8
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using transformations (such as encryption/compression) will have an effect on the changed blob and all the blobs following them. Suppose you change the first byte in a 1GB file, then all 200 blobs will be different and need to be reuploaded. When the compression is done on the blob level, then only the changed part needs to be reuploaded.
This change would be a bit more difficult to implement, because of the following changes:
This encryption should only be used to encrypt the repository, because the underlying storage layer cannot be trusted. It cannot be used to encrypt individual files (with different keys), because each blob should have the same key. If you do need per-file encryption, then you need to encrypt the file using the traditional methods.
The data will be stored with the hash of the transformed data. Because during the encryption of a block a randomized initialization vector is used, the encrypted data cannot use deduplication anymore. If you do want to use deduplication, then you have two options: