If you've lost the signing passphrase for a PGP key, you should revoke it. This article can help: https://medium.com/@fro_g/oh-no-i-forgot-my-pgp-private-keys-passphrase-6ec1d0228b48
I believe you'll need to publish a new version of your software with your updated signing keys - which also need to be published to a keyserver such as http://pgp.mit.edu/ . Information about working with a new PGP key for Maven Central is available at this link: https://central.sonatype.org/pages/working-with-pgp-signatures.html
p.s. By the way - I can see you've probably found us here as the Maven project uses Jira for bug tracking. This is a community about Jira and other Atlassian products though; while a few folks might be able to answer Maven questions, in general I think you'll want the Maven mailinglists instead: https://maven.apache.org/mailing-lists.html
Catch up with Atlassian Product Managers in our 2020 Demo Den round-up! From Advanced Roadmaps to Code in Jira to Next-Gen Workflows, check out the videos below to help up-level your work in the new ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event