a verification of an encrypted snapshot can only verify that each chunk referenced by the indices exists and has a valid CRC. those two checks protect against lost chunks (e.g., because of caching/sync issues, or because other verification tasks already detected those chunks as corrupt and removed them) and bitrot (although with less guarantees than a "full" verification of the digest).
