One of the most challenging problems of cloud service solicitation is to persuade users to trust the security of cloud service and upload their sensitive data. Although cloud service providers can claim that their services are well-protected by elaborate encryption mechanisms, traditional cloud systems still cannot persuade the users that even if the cloud servers are compromised, the data are still securely protected. This study proposes uCloud, a user-centric key management scheme for cloud data protection, to solve this problem. uCloud utilises RSA and indirectly encrypts users' data by users' public keys, but stores the users' private keys on neither servers nor users' PCs; instead, the private keys are stored on users' mobile devices and presented via two-dimensional (2D) barcode images when they are utilised to decrypt users' sensitive data. In this manner, users' data are safely protected even if the cloud servers are compromised. Also, uCloud provides users with the experience of managing visible private keys by storing the keys into mobile phones and displaying them via 2D barcodes. Moreover, three scenarios: personal storage, home surveillance and enterprise storage scenarios are proposed to present the practicability of uCloud. In addition, a hierarchical structure is designed for basic key backup and data sharing in the proposed scheme.