The home is mounted unencrypted on login.
I tried accessing it after doing 'su sampleuser', but it was encrypted, which is the expected behavior I guess.
I also tried changing the user's password, and then logging in, but I was redirected to the login.
So just to be sure: is there a way for root to access and decrypt a home folder from another user?
Yes and no. Not directly - the data can only be decrypted with the user's password, which root doesn't have.
But a malicious root user can always get around that kind of thing - they own the system. A couple of workable options come to mind, but I'm sure there are plenty of others: pulling the decrypted private key from memory while the user's logged in, or setting up a key logger to capture the user's password when they enter it.
In addition to capturing the user's password when they log in, root can also access the encrypted filesystem while it's mounted (i.e. when you're logged in), by sudoing to your user.
