Behind the scenes, it'd probably decrypt it locally piece-by-piece with the key in the Secure Enclave, and then reencrypt it with a new key that Apple has a copy of when you disable ADP.