If I import the public key listed in your post, I get this message:
$ gpg --import pkey2.txt
gpg: key 50268311C7AD3F62: 11 duplicate signatures removed
gpg: key 50268311C7AD3F62: 5 signatures reordered
gpg: key 50268311C7AD3F62: public key "DDoSolitary <Dxxxx@xxxxxx.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
As you can see, the extra signatures listed on your public key are labeled duplicates upon import and do not affect operation or trust of the key.
The extra signatures are most likely from key manipulations. Each modification of your key produces a signature.
All the signatures and dates of the signatures can be extracted from the public key using the --list-packets
option of gpg
.
$ gpg --list-packets pkey.txt |grep -A1 ":signature"
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504334453, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508055794, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508055418, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508056216, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504703268, md5len 0, sigclass 0x18
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504334453, md5len 0, sigclass 0x18
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504703268, md5len 0, sigclass 0x18
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508055418, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504334453, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508056216, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508055794, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508553430, md5len 0, sigclass 0x18
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504334453, md5len 0, sigclass 0x18
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504703268, md5len 0, sigclass 0x18
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508055418, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1504334453, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508056216, md5len 0, sigclass 0x13
--
:signature packet: algo 22, keyid 50268311C7AD3F62
version 4, created 1508055794, md5len 0, sigclass 0x13
The dates are in UNIX EPOCH time. These are all the signatures dates sorted and in a more readable form:
2017-09-02 06:40:53-00
2017-09-02 06:40:53-00
2017-09-02 06:40:53-00
2017-09-02 06:40:53-00
2017-09-02 06:40:53-00
2017-09-06 13:07:48-00
2017-09-06 13:07:48-00
2017-09-06 13:07:48-00
2017-10-15 08:16:58-00
2017-10-15 08:16:58-00
2017-10-15 08:16:58-00
2017-10-15 08:23:14-00
2017-10-15 08:23:14-00
2017-10-15 08:23:14-00
2017-10-15 08:30:16-00
2017-10-15 08:30:16-00
2017-10-15 08:30:16-00
2017-10-21 02:37:10-00
It's fairly easy to see that the signature times occur during the key manipulations.
$ gpg --edit-key 688E1D093C3638F588890D4450268311C7AD3F62
pub ed25519/50268311C7AD3F62
created: 2017-09-02 expires: never usage: SC
trust: unknown validity: unknown
sub ed25519/E758605C3A2792F6
created: 2017-09-06 expires: never usage: A
sub ed25519/6DC20782F6E9E2F3
created: 2017-10-21 expires: 2018-10-21 usage: S
sub cv25519/1224F2883BEE2AA5
created: 2017-09-02 expires: never usage: E
[ unknown] (1). DDoSolitary <Dxxxxxx@xxxxxx1.com>
[ unknown] (2) DDoSolitary <Dxxxxxx@xxxxxx2.com>
[ unknown] (3) [jpeg image of size 29903]
So, looking at the key, there's nothing that's stands out as incorrect on the key, either as posted on the public key server or on the imported key.
As as side note: the trust level on the public key as listed in my system will not be the same as in your system. Trust is under local control. The trust is set as unknown by default. However, it is unwise to blindly trust public keys listed in a keyserver.