MySQL encrypted columns

Question

Say each row in a table has data pertaining to one particular user. The user has a password to access the system.

How do I encrypt a column of data using InnoDB so t

Answer 1

For data that is not user-specific (global), you could maybe use a combination of symmetric and asymmetric cipher. You could have an extra password field that all users are required to enter so that even if one user changes one's password, the global data will still be usable to other users with different passwords.

The extra password can be bitwise xor'ed with another salt-like string inside the source code. Together, it can form the symmetric passkey to decrypt a private key stored in the database (which will never change). After private key is decrypted using the extra password, the private key can decrypt and read all the data in the db. Private key can be stored as session variable.

The public key, as the name suggests, can reside as plain text string in the db. When you need to write to db, use public key to encrypt the data.

You can routinely provide the users with a new extra password and re-encrypt the static private key, followed by an xor'ing with salt-like string.

If the data is user-specific data and not meant for other users, you could use the user's password without the extra-password field to encrypt the private key. The administrator could have another copy of the private keys for specific users, which can be decrypted using his password.