In order to check that the files (applications, source packages) you downloaded are original and unmodified ones, you can use GnuPG.
GnuPG is installed by default on GNU/Linux. It's also available on Mac and Windows.
GPG keys used to sign applications, sources packages and commits:
This key has expired on 02/27/2017 and hasn't been used since then.