CottonSeekable chunks
Seekable chunks

Seek inside encrypted video. Without decrypting the file.

Range reads through AES-GCM chunks. Per-chunk auth tags verify the slice on the fly. No temp file, no full download. Most self-hosted clouds decrypt to disk first. This one assembles the byte range from the encrypted store directly.

Range readsConcatenated streamsFFmpeg preview extractionEncrypted chunksNo full reassembly

The usual large-media trap

A naive encrypted chunk store has an ugly read path: rebuild the full file into memory or a temporary object, then let the browser or preview tool seek inside that rebuilt copy. That wastes RAM, disk, time, and operator patience.

  • Video preview should not require full-file reassembly.
  • A paused download should not need the server to read from byte zero again.
  • Object storage should not force a separate whole-file cache for ordinary range reads.

Logical stream over chunks

Cotton assembles a single seekable stream from multiple chunk streams. Seek locates the target chunk by cumulative offsets and switches the underlying chunk stream so reads continue from the correct physical piece.

Range responses

The same stream shape can serve HTTP Range requests and partial downloads. The product result is simple: large files can be read in pieces instead of becoming a full-object transfer every time.

Preview extraction

Video preview generation can point FFmpeg at a range-capable local stream bridge. FFmpeg can ask for metadata and frames through byte ranges without Cotton writing a complete temporary source file first.

Compression and encryption make it hard

Seeking is not just concatenating plain files. Cotton still has to preserve per-chunk AES-GCM authentication, nonce discipline, compression ordering, chunk boundaries, and concurrent range reads without trusting unauthenticated bytes.

S3-backed storage implication

Because the abstraction is chunk streams rather than a single local file path, the same logical model can work when chunks live behind filesystem storage or S3-compatible object storage. The backend changes, but the read contract stays stable.

Seek path proof

The proof is a concrete read shape: manifest offsets identify chunks, the logical stream seeks to the right chunk, processors read back through the backend, crypto, and decompression stages, and callers receive a normal stream or HTTP Range response.

Media stays usable

This is one of the differences between a storage engine and a real file cloud. The file can be large, encrypted, chunked, previewable, shareable, and still readable by slice.

Not a universal codec promise

Seekable chunk reads make partial access possible. Browser codec support, FFmpeg availability, file corruption, client behavior, and deployment performance still decide what a specific media file can preview or play.

Range proof

A browser asks for bytes. Cotton should not panic and rebuild the world.

The interesting part is not that chunks exist. The interesting part is that Cotton can serve useful slices from encrypted chunked storage while keeping the normal storage pipeline intact.

Seekable encrypted chunks diagramManifest offsets, backend reads, decrypt/decompress stages, and Range responses keep large encrypted files readable by slice.
01manifest offsets
02chunk lookup
03seek target
04backend read
05decrypt chunk
06decompress
07range response

No temp source file

Downloads and preview tools can read slices without rebuilding the whole object first.

Media scrub support

Range-capable reads give video players and preview generators the byte access they expect.

Authenticated chunks

Seeking still has to respect per-chunk AES-GCM tags and nonce layout before bytes are trusted.

Backend-neutral shape

The stream abstraction can sit over filesystem chunks or S3-compatible object storage.

Media outcome

Large files stay readable by slice, not only by full download.

That is why previews, posters, resume, range downloads, and media seeking belong in the architecture story. The user-visible feature is ordinary playback and partial access; the proof is the seekable encrypted stream underneath.

  • Manifest offsets map logical bytes to physical chunks.
  • Seek switches the active chunk stream at the target offset.
  • Reads pass backward through backend, crypto, and decompression.
  • FFmpeg can use a range-capable bridge for preview extraction.
  • Browsers and clients can resume or scrub through HTTP Range.
  • Codec support and generator availability remain honest limits.
FAQ

Direct answers

Does Cotton need to rebuild a whole file before serving a range?

No. The seekable read path can assemble the requested bytes from stored chunks as a logical stream, so range downloads and previews do not need a full temporary source file first.

How does this help video previews?

FFmpeg can request the parts it needs through a range-capable stream bridge. That helps poster extraction and legacy-video preview paths without preconverting or rebuilding the complete source object first.

Does encryption make seeking unsafe?

It can if implemented carelessly. Cotton's public claim is narrower: per-chunk authenticated storage can still support seeking when the pipeline preserves chunk boundaries, nonce/authentication rules, and processor ordering.

Does this mean every video format plays natively in the browser?

No. Browser codec support still matters. Seekable storage provides the byte-access foundation; native playback or HLS preview support depends on the file type and generator path.