I have a small question about the default (if its enabed) encryption.
When you enable encryption all files that you upload from that moment will be encrypted, with your own password.
But when you share a encrypted file / folder you need to make a private encryption key.
Are those keys stored on the nextcloud server (in that case you can un-encrypt the files?)
All keys are stored on the server (and protected with the user’s password. There is no secure protection against a curious admin on the server, then only client-side encryption protects your data.
When you share a file, the sharing key is available for all users you shared the file with. On public shares (without user authentication) the data must be decryptable without user-interaction.
All keys are stored on the server (and protected with the user’s password. There is no secure protection against a curious admin on the server, then only client-side encryption protects your data. @tflidd
The keys are protected?, in what way, how (encrypted) ? 
In that case you still cannot decrypt the files as admin if you don’t have the user password?
In that case you still cannot decrypt the files as admin if you don’t have the user password?
No, but the admin can replace the login page with something malicious that captures the entered password, for example.