Easily Verify Encrypted Snapshot Backup?

I’ve been using the excellent Hass.io Google Drive Backup add-on, and love it. It works beautifully and gives me peace of mind that I will be able to restore my Pi SD Card system when the SD card eventually fails.

Hass.io Google Drive Backup

My system started getting slow, and it has been over 2 years of use on my SD card, so I decided I would swap it as preventative maintenance. I was shocked to learn I couldn’t restore my snapshots to the new card. I tracked the issue down to human error (me!). I had inadvertently put “!secrets password” with an “s” vs “!secret password” for the password in the Google Drive backup add-on config. Doh!

But it got me thinking about how I could verify if an encrypted snapshot could be verified other than attempting to restore it via Hass.io. I searched, but couldn’t find an answer. Ideally, I’d like to copy the snapshot to my Mac and run some type of validation and/or expansion. I do this with unencrypted tar snapshots.

I noticed with the encrypted tar files, the main tar is unencrypted, and contains a json file and all of the individual encrypted tar.gz files. An entry in the json says it is encrypted with AES128.