Best practices for encrypting and decrypting passwords? (C#/.NET)

Question

I need to store and encrypt a password in a (preferably text) file, that I later need to be able to decrypt. The password is for another service that I use, and needs to be sent

Answer 1

Because you are using WinForms and .Net, your code is going to be visible in MSIL - even if obfuscated, and therefore your decryption code is visible.

Who are you trying to hide the password from? Is the user of the app not supposed to know the password?

I think you are going to need to do some user validation, and I would be tempted to put keys to the decryption in a separate database and provide some other mechanism to get that out which should require authentication. That way you can get the decryption code out of the winforms app.

I would also suggest a separate service which runs to regularly change the encryption decryption keys and updates all passwords in the database.