Encrypting/Decrypting an SMTP Password in a Client/Server App

Question

I have a client app that needs to save a username/password for an SMTP Server. This data will be going into SQL Server 2005, and consumed by my server app. The server app will use the System.Net.Mail namespace to send e-mail messages using the supplied credentials (and from that user's e-mail address). How can I encrypt/decrypt the password easily/securely so that I don't have plain-text passwords flying across the wire? Note that the client and server apps are NOT guaranteed to be on the same computer.

Answer 1

There is whole encryption namespace in .NET - System.Security.Cryptography (example) So you can encrypt/decrypt the data on the client.

Now how to store the key to the cipher. This can be stored in app.config encrypted as described here. Note though, that if the user has admin access to the machine, they can decrypt the keys stored in your app.config.