Any ElGamal sign+encrypt keys created by GnuPG contain a
cryptographic weakness that may allow someone to obtain
the private key. These keys should be considered
unusable and should be revoked.
The following summary was written by Werner Koch, GnuPG
author:
Phong Nguyen identified a severe bug in the way GnuPG
creates and uses ElGamal keys for signing. This is
a significant security failure which can lead to a
compromise of almost all ElGamal keys used for signing.
Note that this is a real world vulnerability which will
reveal your private key within a few seconds.
...
Please take immediate action and revoke your ElGamal
signing keys. Furthermore you should take whatever
measures necessary to limit the damage done for signed or
encrypted documents using that key.
Note that the standard keys as generated by GnuPG (DSA
and ElGamal encryption) as well as RSA keys are NOT
vulnerable. Note also that ElGamal signing keys cannot
be generated without the use of a special flag to enable
hidden options and even then overriding a warning message
about this key type. See below for details on how to
identify vulnerable keys.