[martinknafve]

OP was referring to creating a hash, signing the hash and publish the signed hash on the web site.

The alternative would be to sign the actual binary file using code signing (internally I assume that relies on a hash ).