How to determine the integrity of a Linux package

Suppose you download a package (deb, rpm, tar, whatever) from the net. How do you determine whether the package is genuine or not? Put differently, how do you ensure that the package has not been tampered with?

There is a simple way to check that: use the md5sum utility.

After you download the package from a location on the net, preferably from the package author’s website, run the md5sum command as follows:

$ md5sum  package-name
kdhoeio234208lsdkja390lsjd232sa   package-name

The string at the start of the output shown above is the MD5 checksum of the downloaded file. Compare it with the MD5 checksum published by the packager; if the two differ, the file is not the one the packager published. This method is especially useful for checking the integrity of a package before installing it.
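
The comparison described above can be scripted so that a mismatch or a malformed checksum stops an install. This is an added example, not code from the original post; the helper name verify_md5 and the temporary file used in demo are assumptions made for illustration.

```shell
#!/bin/sh
# verify_md5 FILE PUBLISHED_MD5
# Returns 0 on match, 1 on mismatch, 2 if the file or the published value is unusable.
verify_md5() {
    file=$1
    # Normalize the published value: lower-case it and drop stray whitespace.
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')

    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }

    # An MD5 checksum is exactly 32 hexadecimal characters; reject anything else
    # instead of comparing against a truncated or mistyped value.
    case $want in
        *[!0-9a-f]*) echo "published value is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || { echo "published value is not 32 characters" >&2; return 2; }

    # Read from stdin so the file name never appears in md5sum's output.
    actual=$(md5sum < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$want" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual, expected $want)" >&2
    return 1
}

# Constructed demonstration: a stand-in "package" that is verified, then altered.
demo() {
    pkg=$(mktemp) || return 1
    printf 'constructed package contents\n' > "$pkg"
    # Stands in for the checksum the packager would publish.
    expected=$(md5sum < "$pkg" | cut -d' ' -f1)

    before=0; verify_md5 "$pkg" "$expected" || before=$?
    printf 'bytes added after publication\n' >> "$pkg"
    after=0; verify_md5 "$pkg" "$expected" || after=$?

    rm -f "$pkg"
    # Success means: unmodified file verified, modified file rejected.
    [ "$before" -eq 0 ] && [ "$after" -eq 1 ]
}

demo
```

A match is only as trustworthy as the place the published checksum came from, so take it from the package author's website rather than from the same location as the download.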
