The warez group CORE sign their releases with CRCs in their NFO files. They distribute a checker program called core10k.exe which ironically often turns up with malware injected into it on p2p sites.
Yeah but that is to check the file integrity, that's something entirely different. Anyone can calculate a CRC checksum for any garbage files they want, upload it and label it as a CORE release. There is no way to verify that the release is genuine. And if you temper with an authentic release, for example introduce some malware, you can simply recalculate the checksum itself. This would be impossible if the release would be cryptographically signed because you would need COREs private key to generate a valid signature.