I'm trying to understand how ecryptfs works internally and the documentation on ecryptfs.org doesn't help. Maybe someone is able to explain how it really works. Of course I'm aware of the hidden .Private / .ecryptfs directory structure. My questions are more detailed:
- How does the system know that my home is encrypted and decrypt it when I'm logging in?
- How does it search for the key directories (those with encrypted data, the mountpoint for it (sometimes it is home, sometimes /home/Private), the directory with the wrapped passphrase, etc.)? These directories are typically put in /home/.ecryptfs/ and linked into home. Which location is the key? Are the ".ecryptfs" and ".Private" directory names reserved and hardcoded or configurable?
- About the keyring: supposing I have multiple keys in my keyring – how does it match the proper key with a certain encrypted directory?