No, but I would change the password, and make damn sure you know they only managed to get the password but not the private key. It seems unlikely. Then you are as secure as your password.

GPG uses a hybrid encryption system. First a PRNG generates a session key. Then your message is symmetrically encrypted with this session key using one of the symmetric encryption algorithms in the PGP suite. Then the session key is asymmetrically encrypted with the public key of the person you communicate with.

When they get the final ciphertext block, first they need to use their private asymmetric key to decrypt the session key. But their private asymmetric key is itself encrypted with a symmetric algorithm, so first they need to type in their password to decrypt it. After it is decrypted, it is used to decrypt the session key, which is then used to decrypt your symmetrically encrypted message.

Without the password to decrypt the private asymmetric key, having the key file is meaningless (well, other than the fact that they can try to brute force it, etc.).
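The layering described in the post above, as an added example that is not part of the original post. It mirrors the steps with Ruby's standard OpenSSL binding (RSA-OAEP, AES-256-GCM and a passphrase-encrypted PEM key file), not GnuPG's own packet format or algorithms; the key pair, passphrases and message are constructed for the demo.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Sender side: a random session key encrypts the message (symmetric),
# then the recipient's public key encrypts the session key (asymmetric).
def hybrid_encrypt(public_key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  session_key = cipher.random_key
  iv = cipher.random_iv
  body = cipher.update(plaintext) + cipher.final
  { wrapped_key: public_key.public_encrypt(session_key, OAEP),
    iv: iv, tag: cipher.auth_tag, body: body }
end

# Recipient side: passphrase -> private key -> session key -> message.
# Returns nil when the passphrase does not unlock the stored key file.
def hybrid_decrypt(key_file_pem, passphrase, msg)
  private_key = OpenSSL::PKey::RSA.new(key_file_pem, passphrase)
  session_key = private_key.private_decrypt(msg[:wrapped_key], OAEP)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = session_key
  cipher.iv = msg[:iv]
  cipher.auth_tag = msg[:tag]
  cipher.update(msg[:body]) + cipher.final
rescue OpenSSL::PKey::PKeyError
  nil # key file present, but it stays locked without the right passphrase
end

# Constructed demo data: a throwaway key pair, passphrase and message.
def demo
  key = OpenSSL::PKey::RSA.new(2048)
  # The key file as it would sit on disk: private key encrypted under the passphrase.
  key_file = key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), "correct horse battery")
  msg = hybrid_encrypt(key.public_key, "meet at noon")
  { right: hybrid_decrypt(key_file, "correct horse battery", msg),
    wrong: hybrid_decrypt(key_file, "a wrong guess", msg),
    key_file_encrypted: key_file.include?("ENCRYPTED") }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Decryption needs both the key file and its passphrase, so rotating the passphrase and confirming the key file itself was not copied are separate checks.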