Content Verification service
When an object is created, HCP uses cryptographic hash algorithms to calculate various hash values for it. These values, which are generated based on the object data, system metadata, and custom metadata are stored with the primary metadata for the object.
One of the hash values that is generated only from the object data is also stored with the secondary metadata for the object. The cryptographic hash algorithm HCP uses to calculate this hash value is namespace dependent. It is set when the namespace is created. After set, it cannot be changed.
Users and applications can see, but not modify, hash values generated from object data and annotations. They cannot see any other hash values.
For the purpose of content verification, HCP treats the following items as individual objects:
- Parts of multipart objects
- Parts of in-progress multipart uploads
- Chunks for erasure-coded objects
- Chunks for erasure-coded parts of multipart objects
The Content Verification service ensures the integrity of each object by:
- Checking that the object data, system metadata, and custom metadata still match the stored cryptographic hash values
- Ensuring that certain secondary metadata other than the hash value matches the primary metadata for the object
The Content Verification service runs according to the active service schedule.
During HCP content verification, HCP attempts to repair any files that HCP S Series Nodes report as being irreparable.
Cryptographic hash algorithms
HCP supports these cryptographic hash algorithms for selection at the namespace level:
- MD5
- SHA-1
- SHA-256
- SHA-384
- SHA-512
- RIPEMD-160
The more complex the hash algorithm, the greater the impact on performance when objects are stored or when services run.