I've got a few questions about the implications of CBC mode in this application.
First, how do you handle large chunk support with CBC mode, since it doesn't support random writes? If I use 100MB chunks and change a single byte at the start of the file, do you have to reupload all 100MB?
Second, since CBC mode does not provide authentication, are the blocks protected with a MAC of some kind? (And if so, is the MAC over the ciphertext rather than the plaintext?)