If a hacker hacked into the server you downloaded the .iso from and replaced it, he could also replace the md5sum so that you were none the wiser. This is why it's always good practice to get the .iso and md5sums from different locations if at all possible.
PGP signatures, on the other hand, don't have this problem, as in order to "sign" something you need to have access to the secret key, which (unless the signer is incredibly stupid) won't go anywhere near the download/web server.
With PGP signing, the hacker could still replace the signature with one of his own, but unlike md5, when you verify it, it'll show who owns the signature, so it's a little more obvious (if you're paying attention). This is why PGP signing is a better choice than md5; although md5 is fine for checking that the file hasn't been corrupted during download, it's not that good for security purposes. Some projects I've seen take a mixed approach and md5sum the .isos but then PGP clear-sign the md5sum.txt file itself to identify any tampering.
Anyway, that gives you a little insight into the why, now for the wherefore....
You need to download the 'public' key of the developer either from them directly (on their website), or from a key server, and then import it.
gpg --import keyfilename
Then you can verify files by doing a
gpg --verify signaturefilename.asc
(not the file to be checked, but the .asc that comes with it)
Anyway, that's a quick look at the basics of it, but there's a whole lot more to know. man 'gpg' is a good start. There's also a chapter on it in the slackbasics.org book, which along with the slackbook at slackbook.org is a very good read for a fledgling slacker.
I hope that helps. Enjoy your time with Slackware, it's a great distribution.
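The "if you're paying attention" step above can be automated: gpg's `--status-fd` output names the fingerprint of the key that made the signature, so a script can insist on the developer's fingerprint instead of accepting any good signature. This is an added example, not part of the original post; the function names, the fingerprint and the sample status lines are constructed for illustration.

```shell
# Added example: accept a signature only if gpg reports it as good AND it was
# made by the fingerprint you pinned (obtained from a separate, trusted place).

# Constructed sample of `gpg --status-fd 1 --verify` output (made-up key).
sample_status() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# Read gpg status lines on stdin. Succeed only if some signature is reported
# GOODSIG and its VALIDSIG line carries the pinned fingerprint, either as the
# signing key (first field) or as the primary key (last field). A result
# reported as BADSIG, EXPKEYSIG or REVKEYSIG never sets "good", so it fails.
status_matches_fpr() {
    want=$(norm_fpr "$1")
    [ -n "$want" ] || return 2
    good=0 ok=0
    while read -r tag kw fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            NEWSIG)  good=0 ;;                 # a new signature starts
            GOODSIG) good=1 ;;
            VALIDSIG)
                primary=${rest##* }            # last field on the line
                if [ "$good" -eq 1 ]; then
                    if [ "$fpr" = "$want" ] || [ "$primary" = "$want" ]; then
                        ok=1
                    fi
                fi ;;
        esac
    done
    [ "$ok" -eq 1 ]
}

# usage: verify_pinned "FINGERPRINT" file.iso.asc file.iso
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null |
        status_matches_fpr "$1"
}
```

A signature swapped for the attacker's own still verifies as "good" against the attacker's key, but it fails this check because the fingerprint is not the pinned one.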