How to verify the authenticity of packages when using: "sudo apt install [package name here]"

I am specifically trying to install a command in order to burn to a dvd (on tails OS). I am wondering how I can verify terminal commands that I install with sudo apt install. For example I need to be able to use the command growisofs and also genisoimage but it seems like I am just trusting that the download of these two commands is safe, when something could be malicious, so is there a way to verify them?

I noticed when I ran sudo apt install growisofs it said that I only needed the growisofs_7.1-14+b1_amd64.deb package. It also said it was pulling from tor+ bullseye/main amd64 growisofs amd64 7.1-14+b1. This made me wonder if there is a debian public key and detached signature of this file or a signed file with sha hashes?

Pretty sure what you’re after is all covered here? Maybe section “7.5.5. Alternative per-package signing scheme” offers some clarity?

When you run commands like sudo apt install <package>, the package manager (in this case, Apt), automatically verifies the authenticity of the package for you with trusted keys stored in your Debian installation (and likewise for most other Linux distros, including Fedora), so you don’t have to do that manually. Some of the details differ across distros (e.g., signed repos vs. signed packages), but the general principle holds.