SHA checksums are nice and all, but I would prefer binary signing using GPG as well as the Gatekeeper and the Windows equivalent.
You want to use GnuPG to sign a large binary without involving a hash algorithm? Why? That is pretty unusual and I recommend to stick to the cryptographical best practice which is using a hash.