These are signed by Sony with a private encryption key. They install on any standard, unmodified PS3. You can transfer official PKGs via USB or download them directly from PSN. These are legal and safe.
Even if you own a legitimate game, there are practical reasons to install DLC via manual PKG files: Ps3 Dlc Pkg Files
This is the standard method for users running Custom Firmware (CFW) or Homebrew ENabler (HEN/PS3Xploit). These are signed by Sony with a private encryption key
You need to define the file structure for a PS3 Package. PKG files generally follow a header-body structure. If you legally own the game and DLC,
Inside the PKG, there is a table of contents (TOC) listing the files.
struct PkgEntry
uint32_t name_offset; // Location of filename in name table
uint32_t name_size; // Length of filename
uint64_t data_offset; // Location of file data
uint64_t data_size; // Size of file data
uint32_t type; // Directory, File, etc.
uint32_t padding;
;
If you legally own the game and DLC, you can backup your own DLC as PKG using tools like Dump Tool or multiMAN for personal archival use.
On an unmodified PS3 running official firmware (OFW), you never directly handle PKG files. Instead, you purchase DLC from the PlayStation Store, and the console downloads and installs the PKG file automatically in the background.