Lost my PGP private key, what's next?

Question

I have created a PGP key using GPGTools, and published it a while ago. Things are: I have no longer access to my secret key. Indeed, I unfortunately formatted the wrong drive (encryption was and is enabled).

And because I'm that kind of guy, I have no backup.

Well I know that I can't do anything about it:
Lost PGP private key and want to remove it from keyserver.ubuntu.com

However, I would like to know what I can do now. The expiration date was set (4 years), but there must be better way than to wait that long.

1. Generate a new pair of keys

2. Make a backup

3. ???

Answer 1

If you don't have the private key, and you don't have the revoke certificate, then there is nothing you can do about the existing key.

You should:

1. Generate a new pair of keys
2. Publish your new public key to a key server
3. Let anyone who uses the old key know you have a new one
4. Take the time to generate a revoke certificate and make and store backups.

One option to mark the lost key as revoked on the key server is detailed in this answer here

Answer 2

You can't change the old keys any more, you already realized that, so I'll skip that discussion. I'd change the order of things to do a little bit, though.

1. Set up a reasonable, working backup. One, that will not fail if you format the wrong drive (because you forgot to unplug the backup disk). Do it now, or you'll likely never do it (on one hand because you're "that kind of guy", and on the other hand because this probably matches most people).
2. Verify whether your backup is really working by restoring and comparing its contents.

Now (and not before) you're ready to perform any kind of work on your computer, no matter whether it involves OpenPGP keys or not.

3. Create a new set of key pairs.
4. If you use GnuPG 2.1 (or newer), a revocation certificate will automatically be generated, otherwise do so manually. Apart from having the revocation certificate in the backup you already configured before, consider printing one (QR codes are handy for reading it again). Put it in a safe place, for example a safe deposit box or simply with some trusted family member or friends. It's unlikely you mess up you working copy, backup AND this paper copy not in your house at the same time.
5. Verify both your new set of keys and revocation certificate are in your backup by restoring them.
6. Publish your new key.
7. If your old key received certifications or know other people using your key, send a key transmission statement explaining the situation, prompt others to verify your new key again and not use the old one any more.
8. Get your new key certified as needed.
9. Wait until the lost key expires anyway.

You can't really do anything to notify others throughout the key server network about your old key being lost. Putting a note in other keys' user ID will not really help (people probably won't even read it), but at the same time be visible forever to people looking at your keys. Instead, better issue a third party revocation, which will not be considered valid (as your old key does not list your new key as allowed revoker), but hopefully all relevant OpenPGP clients will issue a warning message on something being fishy (GnuPG does).