MD5 checksums help answer the question “Did I download this file correctly from whoever sent it to me?” They ensure that your download is error-free, but they do not verify the source of the file. To ensure the file's authenticity, it's better to ask: “Is this file I downloaded genuinely from the project developers, or has it been altered?” This is where MD5 files come into play.
MD5 files are provided for each downloaded package. When downloading a file, make sure to also download its accompanying MD5 file by clicking on the “MD5” link next to it on the download page. For example, to verify the file electrum-xvg-4.3.1.exe, you will need the MD5 file electrum-xvg-4.3.1.exe.md5.
Open a terminal (Linux/macOS) or Command Prompt (Windows) and navigate to the directory containing the downloaded file.
md5sum electrum-xvg-4.3.1.exe
certutil -hashfile electrum-xvg-4.3.1.exe MD5
You should see a string of characters printed, which represents the MD5 checksum of the file.
Compare the calculated MD5 checksum with the one provided in the MD5 file. If they match, the file has not been altered.
To verify the integrity of the downloaded file, compare its MD5 checksum with the one provided in the MD5 file. If they match, the file is intact and has not been tampered with.
Thanks to Emily Johnson for writing these instructions.