The problem you are seeing is probably not related to the .dmg file or DropDMG. The app should definitely be signed before creating the .dmg. In fact, the .dmg is normally read-only, so it would not be possible to sign the .app afterwards. Disk image files do not need to be signed (and, actually, cannot be).
In order for Gatekeeper to accept the app, you can:
Make sure that you are not modifying the .app after signing it.
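An added example, not part of the original answer: signing records a SHA-256 for each sealed resource in Contents/_CodeSignature/CodeResources, and this Python check compares those records with the files on disk to show what a post-signing edit looks like. It is not Apple's verifier: it covers only the `hash2` entries under `files2` (not the main executable, Info.plist or files added later), and the demo bundle and its file names are constructed.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path


def modified_after_signing(app):
    """List sealed resources that are missing or no longer match their recorded SHA-256."""
    contents = Path(app) / "Contents"
    with open(contents / "_CodeSignature" / "CodeResources", "rb") as fh:
        sealed = plistlib.load(fh).get("files2", {})
    problems = []
    for rel, entry in sorted(sealed.items()):
        # Nested code and symlinks are sealed by "cdhash"/"symlink", not by a file hash.
        if not isinstance(entry, dict) or "hash2" not in entry:
            continue
        path = contents / rel
        if not path.is_file():
            if not entry.get("optional", False):
                problems.append("missing: " + rel)
        elif hashlib.sha256(path.read_bytes()).digest() != entry["hash2"]:
            problems.append("changed: " + rel)
    return problems


def build_demo_app(root):
    """Constructed stand-in for a signed bundle: one resource plus a matching seal entry."""
    app = Path(root) / "Demo.app"
    resource = app / "Contents" / "Resources" / "settings.txt"
    resource.parent.mkdir(parents=True)
    resource.write_bytes(b"theme=light\n")
    digest = hashlib.sha256(resource.read_bytes()).digest()
    seal = {"files2": {"Resources/settings.txt": {"hash2": digest}}}
    seal_path = app / "Contents" / "_CodeSignature" / "CodeResources"
    seal_path.parent.mkdir()
    with open(seal_path, "wb") as fh:
        plistlib.dump(seal, fh)
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = build_demo_app(tmp)
        print(modified_after_signing(app))  # untouched bundle
        (app / "Contents" / "Resources" / "settings.txt").write_bytes(b"theme=dark\n")
        print(modified_after_signing(app))  # edited after the seal was written
```

On a Mac, `codesign --verify --deep --strict` and `spctl --assess --type execute` run against the .app remain the authoritative checks.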