Question about Administrator Recovery Key in End-to-End Encryption

I have a question about the optional offline administrator recovery key in end-to-end (E2E) encryption. As per Nextcloud’s website,

Each device of the user can aid in recovering their private key. Only if a key is lost on all devices AND the 12 secure key words are lost, the user loses access to his/her data. The optional offline administrator recovery key can still be used to re-gain access.

Suppose that the optional administrator recovery key is disabled, and a user sets up an E2E encrypted folder. Could the administrator recovery key be enabled later and still be able to decrypt the files in this folder? Or does the recovery key only work for folders that were E2E encrypted after it is enabled?

EDIT: In addition, I’m curious how a third administrator recovery key works at all if the system is using asymmetric key pairs. Is the data decrypted+copied on the server and the copy encrypted with the administrator recovery key at some point?

I apologize if this is a badly phrased question–I’m only somewhat familiar with the basics of encryption.

Good question @tca

i’ve got the same question & i’m wondering, why nobody could give an answer yet.

One of my main questions would be - how to enable this “optional offline adminstrator recovery key” ? Must this done on server-/client site or on both?