
How can I change an encryption key and still be able to decrypt old data?

I would need to create a symmetric key in C# and use it to encrypt a string, which I would eventually store in a database. I would use the AES mechanism in .NET to achieve this. I would use the same key to decrypt the encrypted data.

Now my requirement is that if I have a mechanism to change the key, how can I ensure that I can use the newly created key to decrypt the strings encrypted with the old or expired key?


Everything in the database must be decrypted then re-encrypted with the new key every time the key changes.

EDIT--

Per your comment, what Key_Source and Identity_Value are doing is creating a key that never changes, then encrypting that key and changing that outer layer at regular intervals. I would not recommend implementing this yourself, as it is very hard to secure that master key correctly; just use the key system built into MS SQL if that is the database you are using.
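
The layering described in the edit above, shown as an added example to illustrate the mechanism (it is not code from the original question or answer): a data key that never changes encrypts the stored strings, and only the outer key that wraps it is rotated. It assumes .NET 8 or later and uses AES-GCM; `EnvelopeDemo`, `Seal`, `Open` and the sample string are hypothetical names and constructed values, and the outer keys are held in memory here, whereas in practice they would live in a key store.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EnvelopeDemo   // hypothetical names throughout; added example
{
    const int NonceSize = 12, TagSize = 16;

    // AES-GCM encrypt. Output layout: nonce || tag || ciphertext.
    static byte[] Seal(byte[] key, byte[] plaintext)
    {
        byte[] output = new byte[NonceSize + TagSize + plaintext.Length];
        Span<byte> nonce = output.AsSpan(0, NonceSize);
        RandomNumberGenerator.Fill(nonce);              // fresh nonce per call
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plaintext, output.AsSpan(NonceSize + TagSize),
                    output.AsSpan(NonceSize, TagSize));
        return output;
    }

    // AES-GCM decrypt; throws CryptographicException on a wrong key or tampering.
    static byte[] Open(byte[] key, byte[] blob)
    {
        byte[] plaintext = new byte[blob.Length - NonceSize - TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), plaintext);
        return plaintext;
    }

    static void Main()
    {
        // Data key: generated once, never changes, encrypts the stored strings.
        byte[] dataKey = RandomNumberGenerator.GetBytes(32);
        // Outer key: the one that is rotated. Only the wrapped data key is stored.
        byte[] oldOuterKey = RandomNumberGenerator.GetBytes(32);
        byte[] wrappedDataKey = Seal(oldOuterKey, dataKey);

        // A database value (constructed sample), encrypted before rotation.
        byte[] row = Seal(dataKey, Encoding.UTF8.GetBytes("constructed sample value"));

        // Rotation: unwrap with the old outer key, re-wrap with the new one.
        // The encrypted rows are not touched.
        byte[] newOuterKey = RandomNumberGenerator.GetBytes(32);
        wrappedDataKey = Seal(newOuterKey, Open(oldOuterKey, wrappedDataKey));

        // The old row still decrypts through the new outer key.
        byte[] unwrapped = Open(newOuterKey, wrappedDataKey);
        Console.WriteLine(Encoding.UTF8.GetString(Open(unwrapped, row)));

        // The retired outer key no longer opens the stored wrapped key.
        try { Open(oldOuterKey, wrappedDataKey); }
        catch (CryptographicException) { Console.WriteLine("old outer key rejected"); }
    }
}
```

Rotating the outer key this way does not help if the data key itself is exposed; that case still requires decrypting and re-encrypting every row, as the first part of the answer says.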
