Problem
You ship a file. Later someone says “it changed.” Now you’re stuck arguing without proof.
Why it matters
Integrity disputes create audit noise, rework, and trust issues — especially when artifacts travel across machines and teams.
What it does
- Calculates an MD5 checksum for a chosen file
- Writes the checksum to an output file
- Produces validation instructions so others can verify independently
Use cases that triggered it
- Transfer artifacts between systems and make tampering detectable.
- Quick integrity checks in small automation pipelines.
- Lightweight chain-of-custody support (no legal theatre).
Safe use & controls
- MD5 is for integrity checks, not cryptographic assurance. For higher assurance use SHA‑256.
- Store the hash file alongside the artifact in controlled storage.
- Don’t publish sensitive filenames/paths in public outputs.
Limitations
- MD5 is not collision‑resistant; don’t use it for signatures or security guarantees.