From what you’re describing it sounds like you’re receiving 2 files–one with the payload and one with an MD5 hash for verifying the payload.
The MD5 file is a message digest used to confirm the integrity of the other file. The approach is that on receipt of the payload file, the MD5 hash is calculated and then compared with the MD5 hash in companion file. There are various apps available to assist with this.
Be aware that MD5 has been proven to be weak. Search the web for MD5 and you’ll find plenty of material on that.
Also, with the use of an OpenPGP implementation, such as gnuPG and other encryption tools, a companion MD5 file is unnecessary. PGP provides built-in mechanisms to confirm the integrity of the encrypted file. See if you can leverage that instead.
[Edit] If this does not describe your scenario please additional detail about the MD5 file and its intended use.