MySQL encrypted columns

Question

Say each row in a table has data pertaining to one particular user. The user has a password to access the system.

How do I encrypt a column of data using InnoDB so t

Answer 1

Say the password is pass1. And there are a bunch of records encrypted with a key generated from this. If the user now resets the password to pass2, I have no way of decrypting the data that was encrypted using pass1

The key would need to be encrypted in a reversable manner, so that it could be decrypted using pass1 and re-encrypted using pass2.

To summarize:

Stored in the database is: the one-way encrypted password (for password checking), the encryption key for other data, reversibly encrypted using the clear password (or at any rate, the password encrypted in some different manner than the way it is stored in the database), and the other data, reversibly encrypted using the clear encryption key.

Whenever you need the other data, you must have the clear (or differently encrypted than as stored in the database) password, read the encryption key, decrypt it with the password, and use that to decrypt the other data.

When a password is changed, the encryption key is decrypted using the old password, encrypted using the new password, and stored.