Hi there,
I thought I would just provide you with a bit more explicit information on this:
First set up gpg by running:
Go with the defaults they should be fine for your needs and then enter your details.
Now export your key, distribute this widely so that it can be verified. If you only place it on your website then it may be hard to verify that it hasn't been replaced and a new key used to sign the file.
Now sign the file:
A new file will be created called my.sum.asc, which is the ascii armours, i.e. human readable format of the signed md5sum.