Verifying file is correct and safe
 

I wish to download a file. Next to the download link, it displays the below MD5 hash along with a "signature" link which provides the below PGP signature. Three questions

1. To test MD5, I do #md5sum MyS*, and then I check to make sure the hashes are equal using my eyes. Is it possible to include the hash off the website in the md5sum command and have it exit either yes or no?
2. Should I use the MD5 or the PGP? EDIT. I've since seen SHA1. Which one to use of the three?
3. How do I verify the file using the PGP signature?

Thanks!

1. Create a file with 'echo "c766aced5129a6f644992af125cdd4fc MySQL-5.6.12-1.el6.i686.rpm-bundle.tar" > MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.md5'. Then you can do 'md5sum -c MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.md5' which will return the filename and OK after a successful check.
2. MD5 is no longer considered secure, but is still useful for checking for an uncorrupted download.
3. Copy the signature into a file MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.asc and then do 'gpg2 --verify MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.asc'. Note:- You will need to install the PGP key from the supplier before this using a command like 'gpg2 --import <keyfile>' or 'gpg2 --fetchkeys <URI>'.