diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php
index 649cf0285a..06dc330151 100644
--- a/lib/private/encryption/update.php
+++ b/lib/private/encryption/update.php
@@ -104,7 +104,7 @@ class Update {
 
 			foreach ($allFiles as $path) {
 				$usersSharing = $this->util->getSharingUsersArray($path);
-				$encryptionModule->update($absPath, $usersSharing);
+				$encryptionModule->update($absPath, $this->uid, $usersSharing);
 			}
 	}
 
diff --git a/lib/private/encryption/util.php b/lib/private/encryption/util.php
index 2c6ff26684..85e852ec2c 100644
--- a/lib/private/encryption/util.php
+++ b/lib/private/encryption/util.php
@@ -389,9 +389,22 @@ class Util {
 	 * @return boolean
 	 */
 	public function isExcluded($path) {
-		$root = explode('/', $path, 2);
-		if (isset($root[0])) {
-			if (in_array($root[0], $this->excludedPaths)) {
+		$normalizedPath = \OC\Files\Filesystem::normalizePath($path);
+		$root = explode('/', $normalizedPath, 4);
+		if (count($root) > 2) {
+
+			//detect system wide folders
+			if (in_array($root[1], $this->excludedPaths)) {
+				return true;
+			}
+
+			$v1 = $this->userManager->userExists($root[1]);
+			$v2 = in_array($root[2], $this->excludedPaths);
+
+			// detect user specific folders
+			if ($this->userManager->userExists($root[1])
+				&& in_array($root[2], $this->excludedPaths)) {
+
 				return true;
 			}
 		}
diff --git a/lib/private/files/storage/wrapper/encryption.php b/lib/private/files/storage/wrapper/encryption.php
index 44fc2124f7..0e70c99c8d 100644
--- a/lib/private/files/storage/wrapper/encryption.php
+++ b/lib/private/files/storage/wrapper/encryption.php
@@ -254,7 +254,7 @@ class Encryption extends Wrapper {
 				'" not found, file will be stored unencrypted');
 		}
 
-		if($shouldEncrypt === true && !$this->util->isExcluded($path) && $encryptionModule !== null) {
+		if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
 			$source = $this->storage->fopen($path, $mode);
 			$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
 				$this->uid, $encryptionModule, $this->storage, $this, $this->util, $mode,
diff --git a/lib/public/encryption/iencryptionmodule.php b/lib/public/encryption/iencryptionmodule.php
index 2527e35e63..7265fee125 100644
--- a/lib/public/encryption/iencryptionmodule.php
+++ b/lib/public/encryption/iencryptionmodule.php
@@ -84,10 +84,11 @@ interface IEncryptionModule {
 	 * update encrypted file, e.g. give additional users access to the file
 	 *
 	 * @param string $path path to the file which should be updated
+	 * @param string $uid of the user who performs the operation
 	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
 	 * @return boolean
 	 */
-	public function update($path, $accessList);
+	public function update($path, $uid, $accessList);
 
 	/**
 	 * should the file be encrypted or not
diff --git a/lib/public/encryption/keys/istorage.php b/lib/public/encryption/keys/istorage.php
index 24f6efd6e5..4c2b01f4ad 100644
--- a/lib/public/encryption/keys/istorage.php
+++ b/lib/public/encryption/keys/istorage.php
@@ -104,6 +104,14 @@ interface IStorage {
 	 */
 	public function deleteFileKey($path, $keyId);
 
+	/**
+	 * delete all file keys for a given file
+	 *
+	 * @param string $path to the file
+	 * @return boolean
+	 */
+	public function deleteAllFileKeys($path);
+
 	/**
 	 * delete system-wide encryption keys not related to a specific user,
 	 * e.g something like a key for public link shares
diff --git a/tests/lib/encryption/utiltest.php b/tests/lib/encryption/utiltest.php
index 00a9ab9c57..672f9ff5e9 100644
--- a/tests/lib/encryption/utiltest.php
+++ b/tests/lib/encryption/utiltest.php
@@ -98,4 +98,39 @@ class UtilTest extends TestCase {
 		$u->createHeader($header, $em);
 	}
 
+	/**
+	 * @dataProvider providePathsForTestIsExcluded
+	 */
+	public function testIsEcluded($path, $expected) {
+		$this->userManager
+			->expects($this->any())
+			->method('userExists')
+			->will($this->returnCallback(array($this, 'isExcludedCallback')));
+
+		$u = new Util($this->view, $this->userManager);
+
+		$this->assertSame($expected,
+			$u->isExcluded($path)
+		);
+	}
+
+	public function providePathsForTestIsExcluded() {
+		return array(
+			array('files_encryption/foo.txt', true),
+			array('test/foo.txt', false),
+			array('/user1/files_encryption/foo.txt', true),
+			array('/user1/files/foo.txt', false),
+
+		);
+	}
+
+	public function isExcludedCallback() {
+		$args = func_get_args();
+		if ($args[0] === 'user1') {
+			return true;
+		}
+
+		return false;
+	}
+
 }