diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index e911c1785df5f74c89eecc8abd679b4e8b5f0bcb..084abdb2c2edd6f2b6cd4b387738bf511390c0d7 100755
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -126,7 +126,12 @@ class Keymanager {
 		$util = new Util($view, \OCP\User::getUser());
 		list($owner, $filename) = $util->getUidAndFilename($path);
 
-		$basePath = '/' . $owner . '/files_encryption/keyfiles';
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if (self::isSystemWideMountPoint($filename)) {
+			$basePath = '/files_encryption/keyfiles';
+		} else {
+			$basePath = '/' . $owner . '/files_encryption/keyfiles';
+		}
 
 		$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
 
@@ -233,7 +238,12 @@ class Keymanager {
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
 		$filePath_f = ltrim($filename, '/');
 
-		$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if (self::isSystemWideMountPoint($filename)) {
+			$keyfilePath = '/files_encryption/keyfiles/' . $filePath_f . '.key';
+		} else {
+			$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
+		}
 
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
@@ -341,19 +351,20 @@ class Keymanager {
 
 		list($owner, $filename) = $util->getUidAndFilename($path);
 
-		$basePath = '/' . $owner . '/files_encryption/share-keys';
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if (self::isSystemWideMountPoint($filename)) {
+			$basePath = '/files_encryption/share-keys';
+		} else {
+			$basePath = '/' . $owner . '/files_encryption/share-keys';
+		}
 
 		$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
 
 		// try reusing key file if part file
 		if (self::isPartialFilePath($shareKeyPath)) {
-
 			$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
-
 		} else {
-
 			$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
-
 		}
 
 		$proxyStatus = \OC_FileProxy::$enabled;
@@ -440,8 +451,13 @@ class Keymanager {
 		$util = new Util($view, \OCP\User::getUser());
 
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
-		$shareKeyPath = \OC\Files\Filesystem::normalizePath(
-			'/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
+
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if (self::isSystemWideMountPoint($filename)) {
+			$shareKeyPath = '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
+		} else {
+			$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
+		}
 
 		if ($view->file_exists($shareKeyPath)) {
 
@@ -568,4 +584,19 @@ class Keymanager {
 		return $targetPath;
 
 	}
+
+	/**
+	 * @brief check if the file is stored on a system wide mount point
+	 * @param $path relative to /data/user with leading '/'
+	 * @return boolean
+	 */
+	private static function isSystemWideMountPoint($path) {
+		$mount = OC_Mount_Config::getSystemMountPoints();
+		foreach ($mount as $mountPoint => $data) {
+			if ($mountPoint == substr($path, 1, strlen($mountPoint))) {
+				return true;
+			}
+		}
+		return false;
+	}
 }
\ No newline at end of file
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index b3de85254e25327717f6af7beede1d4bdd04714b..a5290013a4b43f6c1d443efe75b0f180eec84cbb 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -992,13 +992,9 @@ class Util {
 			\OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled')
 			&& $this->recoveryEnabledForUser()
 		) {
-
 			$recoveryEnabled = true;
-
 		} else {
-
 			$recoveryEnabled = false;
-
 		}
 
 		// Make sure that a share key is generated for the owner too
@@ -1019,20 +1015,24 @@ class Util {
 		// If recovery is enabled, add the 
 		// Admin UID to list of users to share to
 		if ($recoveryEnabled) {
-
 			// Find recoveryAdmin user ID
 			$recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
-
 			// Add recoveryAdmin to list of users sharing
 			$userIds[] = $recoveryKeyId;
-
 		}
 
 		// add current user if given
 		if ($currentUserId !== false) {
-
 			$userIds[] = $currentUserId;
+		}
 
+		// check if it is a group mount
+		$mount = OC_Mount_Config::getSystemMountPoints();
+		foreach ($mount as $mountPoint => $data) {
+			if ($mountPoint == substr($ownerPath, 1, strlen($mountPoint))) {
+				$userIds = array_merge($userIds,
+					$this->getUserWithAccessToMountPoint($data['applicable']['users'], $data['applicable']['groups']));
+			}
 		}
 
 		// Remove duplicate UIDs
@@ -1042,6 +1042,20 @@ class Util {
 
 	}
 
+	private function getUserWithAccessToMountPoint($users, $groups) {
+		$result = array();
+		if (in_array('all', $users)) {
+			$result = \OCP\User::getUsers();
+		} else {
+			$result = array_merge($result, $users);
+			foreach ($groups as $group) {
+				$result = array_merge($result, \OC_Group::usersInGroup($group));
+			}
+		}
+
+		return $result;
+	}
+
 	/**
 	 * @brief start migration mode to initially encrypt users data
 	 * @return boolean