What are the risks in backing up private keys on services like Dropbox?

backup restore private-key

I have a couple of private keys that I use to administer Amazon EC2 instances.

I recently lost these keys when I did a re-install of my computer and I found out that the CD-RW I'd backed them up to was unreadable. So, I'm looking for a slightly more robust backup solution and I'm thinking about using something like Dropbox, because it uses SSL for confidentiality of transport and then my data is stored securely.

Is the risk I take backing up my keys on a service like this purely that the provider could screw up or be corrupt, or have I missed something else?

Update: The private keys have a pass phrase.


There's also the whole "Dropbox can read your stuff" problem.

What you should do is encrypt everything before putting it into Dropbox. Use something like KeePass as a secrets vault. Put a good password on it. KeePass will encrypt locally, before putting your stuff into Dropbox. You will then use KeePass on other computers to access those secrets.

Take a look at:

https://superuser.com/questions/351525/is-keeping-a-keepass-file-in-dropbox-safe

So, in summary, encrypt locally. Use Dropbox to sync those encrypted files.

Related

SAN alternative for VMWare
What is the correct response for a DNS server when a domain does not exist?
How can I avoid heroku stopping my dyno?
Weird file corruption when using FTP. Any theories?
Block HTTP 1.0 with nginx
Mixing dual and single port SAS disks
How to use PAM to limit failed login attempts by IP?
systemctl not found on debian squeeze
Limit infinity involving floor function
How can I extend a finitely additive measure?
Analysis of the problem
Inverse Mapping Theorem implies Open Mapping Theorem