
Key reissue is really just a slightly modified case of password reset.

In my case, for work systems, I'd either fall back on a system password (yes, they exist and can be used, but rarely are, and are secured), or make an out-of-band request to a co-worker.

In a larger context, you'd want some way of demonstrating that you are who you claim to be (not a trivial problem, but essentially the same one that exists in the password scenario). A one-time time-limited token would be distributed, notifications sent to your contact address(es), and once on the system you'd generate/provide a fresh key.

Keys should, of course, be protected. With passwords. As I noted elsewhere, you're not going to eliminate the use of passwords, but you can greatly reduce the threat surface and the present problem of huge numbers of readily attacked, weakly secured accounts, many with reused passwords which can be found in existing password corpora.
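A minimal implementation of the reissue flow described in the comment above, added here as an example and not part of the original comment: a one-time, time-limited token is issued, the account's contact addresses are notified, and the token can be redeemed exactly once to register a fresh public key. The account store, the notification channel and the key strings are constructed stand-ins, and names such as KeyReissueService are assumptions for the illustration.

```python
"""Key reissue as a slightly modified password reset (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60   # a reissue token that is not redeemed quickly is worthless


@dataclass
class Account:
    name: str
    contacts: List[str]              # e-mail / phone, notified on every reissue event
    public_key: Optional[str] = None


@dataclass
class PendingReissue:
    token_hash: bytes                # only the hash is stored, so a DB leak cannot redeem it
    expires_at: float
    used: bool = False


class KeyReissueService:
    """Hypothetical service: in-memory stores and a notification list instead of e-mail."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.accounts: Dict[str, Account] = {}
        self.pending: Dict[str, PendingReissue] = {}
        self.notifications: List[Tuple[str, str]] = []   # (contact, message), constructed stand-in

    @staticmethod
    def _hash(token: str) -> bytes:
        return hashlib.sha256(token.encode()).digest()

    def request_reissue(self, name: str) -> Optional[str]:
        """Issue a single-use token and return it for out-of-band delivery.

        The user-facing response must look identical whether or not the account
        exists; only the caller that delivers the token sees the None here.
        """
        acct = self.accounts.get(name)
        if acct is None:
            return None
        token = secrets.token_urlsafe(32)                # 256 bits from the OS CSPRNG
        self.pending[name] = PendingReissue(self._hash(token), self.clock() + TOKEN_TTL_SECONDS)
        for c in acct.contacts:
            self.notifications.append((c, f"Key reissue requested for {name}; ignore if this wasn't you"))
        return token

    def redeem(self, name: str, token: str, new_public_key: str) -> bool:
        """Install a fresh key only if the token is valid, unexpired and unused."""
        acct = self.accounts.get(name)
        pend = self.pending.get(name)
        if acct is None or pend is None:
            return False
        if pend.used or self.clock() > pend.expires_at:
            return False
        if not hmac.compare_digest(pend.token_hash, self._hash(token)):
            return False                                 # constant-time compare of the hashes
        pend.used = True                                 # burn the token before touching the key
        acct.public_key = new_public_key                 # old key is replaced, i.e. revoked
        for c in acct.contacts:
            self.notifications.append((c, f"A new key was registered for {name}"))
        return True


def scenario() -> dict:
    """Walk the flow with a controllable clock; returns the outcomes for inspection."""
    now = [1_000_000.0]
    svc = KeyReissueService(clock=lambda: now[0])
    svc.accounts["alice"] = Account("alice", ["alice@example.org"], "ssh-ed25519 AAAAOLDKEY")
    token = svc.request_reissue("alice")
    out = {}
    out["wrong_token"] = svc.redeem("alice", "not-the-token", "ssh-ed25519 AAAANEW")
    out["redeemed"] = svc.redeem("alice", token, "ssh-ed25519 AAAANEW")
    out["replayed"] = svc.redeem("alice", token, "ssh-ed25519 AAAAEVIL")   # single use
    token2 = svc.request_reissue("alice")
    now[0] += TOKEN_TTL_SECONDS + 1
    out["expired"] = svc.redeem("alice", token2, "ssh-ed25519 AAAALATE")   # time limit
    out["final_key"] = svc.accounts["alice"].public_key
    out["notified"] = len(svc.notifications)
    return out


if __name__ == "__main__":
    print(scenario())
```

The points a reviewer would look for are all in `redeem`: the token is compared by hash in constant time, it is marked used before the key is installed (so a crash between the two steps fails closed), and every request and every successful redemption produces a notification to the registered contacts, which is the user's only signal that someone else asked for their key.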


