>If we do it at the Web Service level, that would mean we'll have to access the VFP table from there.<
Why can't you simply have a method in your VFP data access that will return the decrypt key back to the WebService method. You would simply call that VFP method from the WebService method and get the decrypt key and then call the VFP app again once you've decrypted the info.