The download page provides a GPG Signature file for the iso. However, I have not been able to find the key used for signing anywhere. The User Guide and other documentation also does not provide any information or guidance on verifying the iso for non-torrent downloads. Even though such verification might be confusing for new users, I really think verifying through PGP should be strongly recommended, keys easily findable on major keyservers, and proper terminal commands provided in the right places in the documentation.
gpg: Signature made zo 01 jan 2017 23:12:37 EET using RSA key ID 15C1205F gpg: requesting key 15C1205F from hkp server keys.gnupg.net gpgkeys: key 78E2387015C1205F not found on keyserver gpg: no valid OpenPGP data found.