This is a very helpful link, Tony; thank you. I understand FileVault 2 much better now.
However, I still have one last question that (hopefully) you or someone else can answer. Is there only one recovery key per machine (i.e. will the recovery key that I created using my primary user account also work to decrypt the secondary user account on my machine if I ever--heaven forbid--forget my FileVault password)? Or does each user account on each machine have a different FileVault recovery key?
The reason I inquire is that I was only asked to create a recovery key when I activated FileVault 2 from my primary user account. I was not asked to create a recovery key when I activated FileVault 2 on my secondary user account, and I want to be sure that I didn't miss something somewhere. The last thing I want to have happen is to need a recovery key for my secondary user account, have it be different from the recovery key I created through my primary user account, and be unable to get back into my secondary user account as a result.
Thanks so much for your help!