18.104.22.168 What happens if my private key is compromised?
If your private key is compromised, that is, if you suspect an attacker may have obtained it, you should assume the attacker can decrypt every message encrypted to the corresponding public key (including messages intercepted in the past) and can forge your signature on any document for as long as others continue to accept that public key as yours. The seriousness of these consequences underscores the importance of protecting your private key with extremely strong mechanisms (see Question 22.214.171.124).
You must immediately notify any certifying authority that has certified the public key and have the public key placed on a certificate revocation list (see Question 126.96.36.199); this tells others that the private key has been compromised and the certificate is no longer to be trusted. Then generate a new key pair and obtain a new certificate for the new public key. You may wish to re-sign, with the new private key, documents you had signed with the compromised key. Documents that were timestamped as well as signed may still be accepted, because a trusted timestamp shows the signature was made before the compromise was reported (see Question 7.11), whereas an unstamped signature cannot be distinguished from one the attacker made later. Report the compromise promptly: a forgery the attacker has timestamped before the revocation takes effect looks exactly like one of your own signatures. Finally, change the way you store your private key so that the new key is not compromised in the same way.
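The procedure above, worked through in code as an added example (not part of the original FAQ): a verifier that consults a revocation list, the compromised key being revoked from a given time, a new pair being generated, an untimestamped document being re-signed, and timestamped signatures being judged against the revocation time. Textbook RSA over SHA-256 with small, deterministically seeded keys stands in for a real signature scheme only so the script runs stand-alone; the key identifiers, timestamps, documents and the string status codes are all constructed for the illustration.

```python
import hashlib
import math
import random
from dataclasses import dataclass
from typing import Dict, Optional

E = 65537  # public exponent shared by all toy keys

def _is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin test; adequate for a toy key, not for real key generation."""
    if n < 2:
        return False
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int, rng: random.Random) -> int:
    while True:  # random odd candidate with the top bit set
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

@dataclass
class KeyPair:
    key_id: str
    n: int
    d: int  # private exponent: the secret whose compromise the text discusses

def generate_keypair(key_id: str, seed: int, bits: int = 512) -> KeyPair:
    rng = random.Random(seed)  # seeded only so the toy example is reproducible
    while True:  # 512-bit modulus keeps a SHA-256 digest below n
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return KeyPair(key_id, p * q, pow(E, -1, phi))

@dataclass
class Signature:
    key_id: str
    value: int
    timestamp: Optional[int] = None  # time attested by a trusted timestamping service, if any

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(key: KeyPair, msg: bytes, timestamp: Optional[int] = None) -> Signature:
    return Signature(key.key_id, pow(_digest(msg), key.d, key.n), timestamp)

def verify_with_crl(pubs: Dict[str, int], crl: Dict[str, int],
                    msg: bytes, sig: Signature) -> str:
    """Verifier policy. pubs maps key_id -> modulus; crl maps key_id -> time from
    which the key counts as compromised. A signature under a revoked key is
    accepted only with a trusted timestamp earlier than that time; nothing else
    distinguishes the owner's old signatures from the attacker's forgeries."""
    n = pubs.get(sig.key_id)
    if n is None:
        return "UNKNOWN_KEY"
    if pow(sig.value, E, n) != _digest(msg):
        return "BAD_SIGNATURE"
    revoked_at = crl.get(sig.key_id)
    if revoked_at is None:
        return "VALID"
    if sig.timestamp is not None and sig.timestamp < revoked_at:
        return "VALID_TIMESTAMPED_BEFORE_REVOCATION"
    return "REVOKED"

def compromise_scenario() -> Dict[str, str]:
    alice = generate_keypair("alice-key-1", seed=1)
    pubs, crl = {alice.key_id: alice.n}, {}
    contract, memo = b"contract (constructed sample)", b"memo (constructed sample)"
    sig_contract = sign(alice, contract, timestamp=100)  # timestamped by a TSA
    sig_memo = sign(alice, memo)                         # signed, never timestamped
    results = {"contract_before_revocation": verify_with_crl(pubs, crl, contract, sig_contract)}
    # Attacker learns alice.d; forges once before the owner notices (TSA stamps t=190), once at t=250.
    mallory = KeyPair(alice.key_id, alice.n, alice.d)
    forgery = b"I owe Mallory 1000 (constructed forged document)"
    forged_early, forged_late = sign(mallory, forgery, 190), sign(mallory, forgery, 250)
    crl[alice.key_id] = 200  # CA publishes the revocation, effective from t=200
    alice2 = generate_keypair("alice-key-2", seed=2)  # new pair, new certificate
    pubs[alice2.key_id] = alice2.n
    sig_memo_new = sign(alice2, memo, timestamp=210)  # re-sign with the new key
    results.update({
        "contract_timestamped_100": verify_with_crl(pubs, crl, contract, sig_contract),
        "memo_untimestamped_old_key": verify_with_crl(pubs, crl, memo, sig_memo),
        "memo_resigned_new_key": verify_with_crl(pubs, crl, memo, sig_memo_new),
        "forgery_timestamped_190": verify_with_crl(pubs, crl, forgery, forged_early),
        "forgery_timestamped_250": verify_with_crl(pubs, crl, forgery, forged_late),
    })
    return results
```

Calling compromise_scenario() returns one status per signature. The timestamped contract survives the revocation and the re-signed memo is valid under the new key, while the untimestamped memo under the old key is rejected. The two forgeries show why the revocation time matters: the one timestamped at t=190, before the CA's revocation took effect, is indistinguishable from a genuine signature and is accepted, and only the one stamped at t=250 is refused.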