What are the risks in backing up private keys on services like Dropbox?
I have a couple of private keys that I use to administer Amazon EC2 instances.
I recently lost these keys when I did a re-install of my computer and I found out that the CD-RW I'd backed them up to was unreadable. So, I'm looking for a slightly more robust backup solution and I'm thinking about using something like Dropbox, because it uses SSL for confidentiality of transport and then my data is stored securely.
Is the risk I take backing up my keys on a service like this purely that the provider could screw up or be corrupt, or have I missed something else?
Update: The private keys have a pass phrase.
There's also the whole "Dropbox can read your stuff" problem.
What you should do is encrypt everything before putting it into Dropbox. Use something like KeePass as a secrets vault. Put a good password on it. KeePass will encrypt locally, before putting your stuff into Dropbox. You will then use KeePass on other computers to access those secrets.
Take a look at:
https://superuser.com/questions/351525/is-keeping-a-keepass-file-in-dropbox-safe
So, in summary, encrypt locally. Use Dropbox to sync those encrypted files.
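A pre-sync check to go with "encrypt locally", as an added example that is not part of the original question or answer: it reads the headers of private-key files and reports which ones are stored without a passphrase, so they can be encrypted (or placed in the vault) before they reach the synced folder. The file names and key bodies are constructed stubs, and the function names are hypothetical.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\0"
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def key_is_encrypted(text: str) -> bool:
    """Return True if the private key in `text` is passphrase-protected."""
    m = PEM.search(text)
    if not m:
        raise ValueError("no PEM private key block found")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":             # PKCS#8, plaintext
        return False
    if label == "OPENSSH PRIVATE KEY":     # cipher name follows the magic
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        start = len(MAGIC) + 4
        return blob[start:start + n] != b"none"
    # Legacy PEM (RSA/DSA/EC): encryption is declared in a header line.
    return "Proc-Type: 4,ENCRYPTED" in body

def plaintext_keys(files: dict) -> list:
    """Names of key files that must not be synced as they are."""
    return sorted(name for name, text in files.items() if not key_is_encrypted(text))

def _openssh_stub(cipher: bytes) -> str:
    # Constructed header-only stub: magic + cipher name, no key material.
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample files (file names and bodies are made up, not real keys).
SAMPLES = {
    "ec2-admin.pem": "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "ec2-admin-enc.pem": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                         "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                         "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "id_ed25519": _openssh_stub(b"aes256-ctr"),
    "id_plain": _openssh_stub(b"none"),
}

if __name__ == "__main__":
    print("plaintext keys, encrypt before syncing:", plaintext_keys(SAMPLES))
```

The check reports only whether key material is stored in plaintext; it says nothing about how strong the passphrase is.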