Strangely, I was thinking about this problem this morning. A "keychain code" (aka, randomly generated passphrase) doesn't seem any more usable. It moves from "it's hard to securely sync private keys across devices", to "it's hard to securely sync long passphrases between devices".

Why not a user chosen passphrase, with pretty extreme key stretching (w seed)? Allow fetching the encrypted key with any piece of ID similar (email, twitter handle). The key stretching makes brute-force or dictionary attacks pretty much impossible.

http://en.wikipedia.org/wiki/Key_stretching
Sooo what happens when Whiteout gets an NSL and suddenly the "we don't store the keycode on our server.... trust us" mantra gets thrown out the window? Why invent your own authentication protocol with AES-256-GCM when this seems like a clear-cut case for TLS? Why use PBKDF2 over Scrypt?
I don't see how this is any significant improvement over just having a passphrase-protected private key in your Dropbox. In both cases some cloud server has similar access to the encrypted keyfile.
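The scheme proposed in the first comment (a user-chosen passphrase, salted key stretching, and an encrypted private key fetched by an ID such as an email address) can be sketched as follows. This is an added example, not code from any commenter or from Whiteout; the function names, the scrypt cost parameters, and the choice to bind the blob to the lookup ID as AES-GCM associated data are assumptions made for illustration.

```javascript
// Added example: wrap a private key under a passphrase-stretched key.
const crypto = require('crypto');

// scrypt cost parameters (assumed values; tune to the slowest client device).
// N=2^15, r=8 needs about 32 MiB per derivation, so raise Node's maxmem.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function stretch(passphrase, salt) {
  // 32 bytes out = an AES-256 key. The per-blob random salt means one
  // precomputed dictionary cannot be reused across users.
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

function wrapKey(privateKey, passphrase, userId) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every wrap
  const cipher = crypto.createCipheriv('aes-256-gcm', stretch(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // tie the blob to its lookup ID
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  // Everything returned here is what the server stores: no key, no passphrase.
  return { userId, salt, iv, ct, tag: cipher.getAuthTag() };
}

function unwrapKey(blob, passphrase) {
  const key = stretch(passphrase, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAAD(Buffer.from(blob.userId, 'utf8'));
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  } catch (err) {
    return null; // wrong passphrase, tampered blob, or blob moved to another ID
  }
}

// Cost of one passphrase guess on this machine. Anyone holding the blob pays
// this per guess, so the protection is (guess cost) x (passphrase entropy).
function secondsPerGuess() {
  const start = process.hrtime.bigint();
  stretch('constructed benchmark passphrase', crypto.randomBytes(16));
  return Number(process.hrtime.bigint() - start) / 1e9;
}
```

The stored blob can be guessed against offline by whoever holds it, so the stretching cost multiplies the work per guess but does not replace passphrase entropy.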