How is the "PackageHash_SHA512_Bytes" calculated and can be used to validate the package integrity?

Hi was just wondering how the "PackageHash_SHA512_Bytes" is calculated and if can be used to validate the package integrity.
It doesn't seem to match the filehash of the actual package file.

[
{
    "Feed_Id": 1,
    "Package_Id": "Mx.Release.Package",
    "Version_Text": "16.0.0",
    "TargetFrameworks_Text": null,
    "Published_Date": "2018-02-05T15:12:41.303Z",
    "Package_Size": 24987,
    "Nuspec_Bytes": "77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cGFja2----trimmed_rest",
    "PackageHash_SHA1_Bytes": "vRLwsut5rwlgYKE0C9aAdwbM2xo=",
    "PackageHash_SHA512_Bytes": "IOKFNp3q+CuDIaSEGAeAh2HrU3B+d7poJHgEj+Lx/h86gB1JiIROAh/SaRaBalSQWVwqU3ctHtP8xxTPmM/T0g==",
    "Symbols_Indicator": false,
    "Source_Indicator": false,
    "Cached_Indicator": false,
    "LastDownloaded_Date": "2018-02-18T12:07:30.22Z",
    "Version_Download_Count": 1,
    "Total_Download_Count": 1
}

]

Product: ProGet
Version: 5.0.8

I forgot to mention that I'm calling the API (api/json/NuGetPackagesV2_GetLatest)
And I noticed the "PackageHash_SHA512_Bytes" was there.

And thought it might be useful if this was in fact the filehash of the package in the response.

ben

Hello Emil,

If source or symbol stripping is enabled on the NuGet feed, the package you download will be dynamically created. If you add a query parameter ?includeSymbols=Y in the package request, ProGet will give you the original nupkg file, which should have the SHA512 sum from that field.