If your private key is compromised, that is, if you suspect an attacker may have obtained your private key, then you must assume that some enemy can read encrypted messages sent to you and forge your name on documents. The seriousness of these consequences underscores the importance of protecting your private key with extremely strong mechanisms (see Question 3.3.15).

You must immediately notify your certifying authority and have your old key placed on a Certificate Revocation List (see Question 3.3.11); this will inform people that the key has been revoked. Then choose a new key and obtain the proper certificates for it. You may wish to use the new key to re-sign documents that you had signed with the compromised key; documents that had been time-stamped as well as signed might still be valid. You should also change the way you store your private key, to prevent compromise of the new key.
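
The following is an added example, not part of the original text: a sketch of how to sort previously signed documents after a revocation into those whose time-stamp still supports them, those to re-sign with the new key, and those to treat as suspect. The record layout, the function names and the sample data are assumptions made for illustration, and each time-stamp is assumed to come from an independent time-stamping service whose own signature has already been verified.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class SignedDoc:
    name: str
    # Written by the signer, so whoever holds the private key can backdate it.
    claimed_time: datetime
    # Issued by an independent time-stamping service; None if never stamped.
    # Assumption: the stamp's own signature has already been verified.
    trusted_timestamp: Optional[datetime] = None

def _aware(t: datetime) -> datetime:
    # Refuse naive datetimes: comparing mixed time zones would misclassify.
    if t.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return t

def triage(doc: SignedDoc, compromise_time: datetime) -> str:
    """Classify one document signed with a key that is now revoked."""
    cutoff = _aware(compromise_time)
    if doc.trusted_timestamp is None:
        # Only the signer's claim dates this signature; re-sign with the new key.
        return "re-sign"
    if _aware(doc.trusted_timestamp) < cutoff:
        # Independent evidence that the signature predates the compromise.
        return "still-valid"
    # Stamped at or after the suspected compromise: could be a forgery.
    return "suspect"

def plan(docs, compromise_time):
    """Group document names by triage outcome."""
    groups = {"still-valid": [], "re-sign": [], "suspect": []}
    for d in docs:
        groups[triage(d, compromise_time)].append(d.name)
    return groups

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data (not from the original text).
COMPROMISE = utc(2024, 3, 10)  # earliest time the key may have been exposed
DOCS = [
    SignedDoc("contract.pdf", utc(2024, 1, 5), utc(2024, 1, 5)),
    SignedDoc("memo.txt", utc(2024, 1, 20)),                       # never stamped
    SignedDoc("transfer.pdf", utc(2024, 2, 1), utc(2024, 3, 12)),  # backdated claim
]

if __name__ == "__main__":
    print(plan(DOCS, COMPROMISE))
```

The signer-supplied time is never used in the decision, because an attacker holding the compromised key can set it to any value.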