
Question 120. What Happens if my Private Key is Compromised?

If your private key is compromised, that is, if you suspect an attacker may have obtained your private key, then you must assume that some enemy can read encrypted messages sent to you and forge your signature on documents. The seriousness of these consequences underscores the importance of protecting your private key with extremely strong mechanisms (see Question 121).

You must immediately notify your certifying authority and have your old key placed on a certificate revocation list (see Question 129); this informs others that the key has been revoked. Then generate a new key and obtain the proper certificates for it. You may wish to use the new key to re-sign documents that you had signed with the compromised key; documents that were timestamped as well as signed may still be valid, since the timestamp shows they were signed before the revocation. You should also change the way you store your private key, to prevent compromise of the new key.
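The verifier-side rule this implies, written as an added example in Go (not code from the FAQ): a signature from a revoked key is accepted only when a trusted timestamp shows the document was signed before the revocation time, and a re-signature with the new key is accepted outright. It assumes Ed25519 keys stand in for the RSA keys, the CRL is a constructed in-memory list, and the timestamp comes from a trusted timestamping service.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"time"
)

// Revocation stands in for one CRL entry: the key and the time it was reported compromised.
type Revocation struct {
	Key     ed25519.PublicKey
	Revoked time.Time
}

// SignedDoc bundles a document, its signature, the signer's key and a trusted timestamp
// (assumed to come from a timestamping service; the zero time means "not timestamped").
type SignedDoc struct {
	Data      []byte
	Sig       []byte
	Signer    ed25519.PublicKey
	Timestamp time.Time
}

// Verify accepts a document only if the signature is valid and, when the signer's key
// has been revoked, a trusted timestamp proves it was signed before the revocation.
func Verify(doc SignedDoc, crl []Revocation) bool {
	if !ed25519.Verify(doc.Signer, doc.Data, doc.Sig) {
		return false
	}
	for _, r := range crl {
		if r.Key.Equal(doc.Signer) {
			// Revoked key: without a trusted timestamp we cannot tell a genuine signature from a forgery.
			return !doc.Timestamp.IsZero() && doc.Timestamp.Before(r.Revoked)
		}
	}
	return true
}

// Scenario plays out the FAQ: sign before the compromise, revoke the key, then re-sign with a new key.
// It returns the verdict for a timestamped pre-revocation signature, the same signature without a
// timestamp, a signature timestamped after the revocation, and the re-signature with the new key.
func Scenario() (stampedBefore, unstampedBefore, signedAfter, resigned bool) {
	oldPub, oldPriv, _ := ed25519.GenerateKey(rand.Reader)
	newPub, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	data := []byte("constructed contract text")
	t0 := time.Date(2024, 1, 10, 12, 0, 0, 0, time.UTC)                 // original signing time
	crl := []Revocation{{Key: oldPub, Revoked: t0.Add(48 * time.Hour)}} // compromise reported two days later
	sigOld := ed25519.Sign(oldPriv, data)
	stampedBefore = Verify(SignedDoc{data, sigOld, oldPub, t0}, crl)
	unstampedBefore = Verify(SignedDoc{data, sigOld, oldPub, time.Time{}}, crl)
	signedAfter = Verify(SignedDoc{data, sigOld, oldPub, t0.Add(72 * time.Hour)}, crl)
	resigned = Verify(SignedDoc{data, ed25519.Sign(newPriv, data), newPub, t0.Add(96 * time.Hour)}, crl)
	return
}
```

Scenario() returns true, false, false, true: only the timestamped pre-revocation signature and the fresh re-signature survive.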