diff --git a/NEWS b/NEWS
index 0c5c87107..50b8a77fc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,9 @@
-2.0.5 (2013-02-dd)
+2.0.5 (2013-03-dd)
 ------------------
 
 New features
- - 
+ - new system default SOGoEncryptionKey to be used to encrypt the passwords of
+   remote Web calendars when SOGoTrustProxyAuthentication is enabled
 
 Enhancements
  - Added logging of the X-Forwarded-For HTTP header (#2229)
diff --git a/SoObjects/Appointments/SOGoWebAppointmentFolder.m b/SoObjects/Appointments/SOGoWebAppointmentFolder.m
index 0c405ffba..f5c004c84 100644
--- a/SoObjects/Appointments/SOGoWebAppointmentFolder.m
+++ b/SoObjects/Appointments/SOGoWebAppointmentFolder.m
@@ -1,6 +1,6 @@
 /* SOGoWebAppointmentFolder.m - this file is part of SOGo
  *
- * Copyright (C) 2009-2010 Inverse inc.
+ * Copyright (C) 2009-2013 Inverse inc.
  *
  * Author: Cyril Robert <crobert@inverse.ca>
  *         Ludovic Marcotte <lmarcotte@inverse.ca>
@@ -37,6 +37,7 @@
 #import <NGCards/iCalCalendar.h>
 #import <GDLContentStore/GCSFolder.h>
 #import <SOGo/SOGoAuthenticator.h>
+#import <SOGo/SOGoSystemDefaults.h>
 #import <SOGo/SOGoUser.h>
 #import <SOGo/SOGoUserSettings.h>
 #import <SOGo/NSDictionary+Utilities.h>
@@ -69,27 +70,23 @@ size_t curl_body_function(void *ptr, size_t size, size_t nmemb, void *buffer)
   NSString *authValue, *userPassword;
   NSArray *parts, *keys;
   
-  userPassword = [[self authenticatorInContext: context]
-                   passwordInContext: context];
+  userPassword = [[self authenticatorInContext: context] passwordInContext: context];
   if ([userPassword length] == 0)
     {
-      authData = nil;
+      userPassword = [[SOGoSystemDefaults sharedSystemDefaults] encryptionKey];
+    }
+  authValue
+    = [[self folderPropertyValueInCategory: @"WebCalendarsAuthentication"]
+            decryptWithKey: userPassword];
+  parts = [authValue componentsSeparatedByString: @":"];
+  if ([parts count] == 2)
+    {
+      keys = [NSArray arrayWithObjects: @"username",  @"password", nil];
+      authData = [NSDictionary dictionaryWithObjects: parts
+                                             forKeys: keys];
     }
   else
-    {
-      authValue
-        = [[self folderPropertyValueInCategory: @"WebCalendarsAuthentication"]
-            decryptWithKey: userPassword];
-      parts = [authValue componentsSeparatedByString: @":"];
-      if ([parts count] == 2)
-        {
-          keys = [NSArray arrayWithObjects: @"username",  @"password", nil];
-          authData = [NSDictionary dictionaryWithObjects: parts
-                                                 forKeys: keys];
-        }
-      else
-        authData = nil;
-    }
+    authData = nil;
 
   return authData;
 }
@@ -99,18 +96,18 @@ size_t curl_body_function(void *ptr, size_t size, size_t nmemb, void *buffer)
 {
   NSString *authValue, *userPassword;
 
-  userPassword = [[self authenticatorInContext: context]
-                   passwordInContext: context];
-  if ([userPassword length] > 0)
-    {
-      if (!username)
-        username = @"";
-      if (!password)
-        password = @"";
-      authValue = [NSString stringWithFormat: @"%@:%@", username, password];
-      [self setFolderPropertyValue: [authValue encryptWithKey: userPassword]
-                        inCategory: @"WebCalendarsAuthentication"];
-    }
+  userPassword = [[self authenticatorInContext: context] passwordInContext: context];
+  if ([userPassword length] == 0) {
+    userPassword = [[SOGoSystemDefaults sharedSystemDefaults] encryptionKey];
+  }
+
+  if (!username)
+    username = @"";
+  if (!password)
+    password = @"";
+  authValue = [NSString stringWithFormat: @"%@:%@", username, password];
+  [self setFolderPropertyValue: [authValue encryptWithKey: userPassword]
+                    inCategory: @"WebCalendarsAuthentication"];
 }
 
 - (NSDictionary *) loadWebCalendar
diff --git a/SoObjects/SOGo/SOGoDefaults.plist b/SoObjects/SOGo/SOGoDefaults.plist
index e0e0a2aa1..01fc78101 100644
--- a/SoObjects/SOGo/SOGoDefaults.plist
+++ b/SoObjects/SOGo/SOGoDefaults.plist
@@ -10,6 +10,8 @@
 
     SOGoZipPath = "/usr/bin/zip";
 
+    SOGoEncryptionKey = "MySOGoEncryptionKey";
+
     WOUseRelativeURLs = YES;
     WOMessageUseUTF8 = YES;
     WOParsersUseUTF8 = YES;
diff --git a/SoObjects/SOGo/SOGoSystemDefaults.h b/SoObjects/SOGo/SOGoSystemDefaults.h
index 24d211350..2057f24b0 100644
--- a/SoObjects/SOGo/SOGoSystemDefaults.h
+++ b/SoObjects/SOGo/SOGoSystemDefaults.h
@@ -43,6 +43,7 @@
 - (BOOL) debugLeaks;
 - (int) vmemLimit;
 - (BOOL) trustProxyAuthentication;
+- (NSString *) encryptionKey;
 - (BOOL) useRelativeURLs;
 
 - (BOOL) isWebAccessEnabled;
diff --git a/SoObjects/SOGo/SOGoSystemDefaults.m b/SoObjects/SOGo/SOGoSystemDefaults.m
index 4f5c5651a..e724c4fb9 100644
--- a/SoObjects/SOGo/SOGoSystemDefaults.m
+++ b/SoObjects/SOGo/SOGoSystemDefaults.m
@@ -349,6 +349,11 @@ _injectConfigurationFromFile (NSMutableDictionary *defaultsDict,
   return [self boolForKey: @"SOGoTrustProxyAuthentication"];
 }
 
+- (NSString *) encryptionKey;
+{
+  return [self stringForKey: @"SOGoEncryptionKey"];
+}
+
 - (BOOL) useRelativeURLs
 {
   return [self boolForKey: @"WOUseRelativeURLs"];