Update client-side-encryption.md

derdanu · web-flow · commit d48669a34d6b · 2024-08-28T12:19:41.000+02:00
Add chunk size information for CSEv2.
diff --git a/articles/storage/blobs/client-side-encryption.md b/articles/storage/blobs/client-side-encryption.md
@@ -91,7 +91,7 @@ Decryption via the envelope technique works as follows:
 
 ### Encryption/decryption on blob upload/download
 
-The Blob Storage client library supports encryption of whole blobs only on upload. For downloads, both complete and range downloads are supported.
+The Blob Storage client library supports encryption of whole blobs only on upload. For downloads, both complete and range downloads are supported. Client-side encryption v2 chunks data into 4MB buffered authenticated encryption blocks which can only be transformed whole.
 
 During encryption, the client library generates a random initialization vector (IV) of 16 bytes and a random CEK of 32 bytes, and performs envelope encryption of the blob data using this information. The wrapped CEK and some additional encryption metadata are then stored as blob metadata along with the encrypted blob.
 
