
I installed Xubuntu a few months ago, and made the stupid mistake of not checking "Encrypt Home".

I'm now looking for a way to encrypt my user's home directory (I have only one user using this computer).

I've read a lot of tutorials about encrypting a /home after installation, like: https://www.howtogeek.com/116032/how-to-encrypt-your-home-folder-after-installing-ubuntu/ but they all use the same method, via ecryptfs-migrate-home, which the docs clearly state uses 2.5 times the current size of the user's dir.

Unfortunately, I have a 150GB SSD, and my /home/user already uses 100GB... So I cannot use this method. Also, I would prefer not to have to buy an external drive and waste (a lot of) time copying all that data back and forth through my USB2 port.

So, I'm trying to find a solution to work around this problem.

While reading: https://askubuntu.com/a/1029330 , I discovered the command: sudo adduser --encrypt-home <user>.

This gave me the idea to create a new user (user) with an encrypted home dir using this command, then copy/move all my original-user files to this encrypted directory, then destroy the original-user account and rename the user account to original-user.

I tried this idea, by first trying to create the new user with an encrypted dir. This seems to work (apart from the passwd: Permission denied message, whose origin I couldn't find, but which does not seem to prevent the user from logging in with the provided passwd):

# adduser --encrypt-home user
Adding user `user' ...
Adding new group `user' (1002) ...
Adding new user `user' (1002) with group `user' ...
Creating home directory `/home/user' ...
Setting up encryption ...

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: Permission denied
passwd: password unchanged
Try again? [y/N] 
Changing the user information for user
Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] y

After that I can see:

# ls /home
total 32K
drwxr-xr-x  6 root    root       4,0K févr. 28 10:53 .
drwxr-xr-x 23 root    root       4,0K févr. 19 10:16 ..
drwx------  3 root    root       4,0K févr. 28 10:53 .ecryptfs
...
...
dr-x------  2 user    user       4,0K févr. 28 10:53 user
...

and

total 16K
drwx------ 4 user user 4,0K févr. 28 10:53 .
drwx------ 3 root root 4,0K févr. 28 10:53 ..
drwx------ 3 user user 4,0K févr. 28 10:53 .Private
drwx------ 2 user user 4,0K févr. 28 10:53 .ecryptfs

and

# ls /home/user/
total 8,0K
dr-x------ 2 user user 4,0K févr. 28 10:53 .
drwxr-xr-x 6 root root 4,0K févr. 28 10:53 ..
lrwxrwxrwx 1 user user   29 févr. 28 10:53 .Private -> /home/.ecryptfs/user/.Private
lrwxrwxrwx 1 user user   30 févr. 28 10:53 .ecryptfs -> /home/.ecryptfs/user/.ecryptfs
lrwxrwxrwx 1 user user   56 févr. 28 10:53 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
lrwxrwxrwx 1 user user   52 févr. 28 10:53 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt

So all the directories and user entries seem to be correctly created...

But when I try to mount this directory, using the command provided in the README.txt listed above, it fails with: ERROR: Encrypted private directory is not setup properly

When I try a manual solution I already used to recover a crashed encrypted system (https://ubuntuforums.org/showthread.php?t=1643532), I can see the skeleton files (.bashrc, ...) copied by adduser (if I say yes to "encrypted filenames"), but the access rights, etc. are all ???, so I understand that the decryption itself did not work.

ls: cannot access '.Xdefaults': No such file or directory
ls: cannot access '.xscreensaver': No such file or directory
ls: cannot access '.profile': No such file or directory
ls: cannot access '.bash_logout': No such file or directory
ls: cannot access '.config': No such file or directory
ls: cannot access '.bashrc': No such file or directory
total 40K
drwx------ 6 user user 4,0K févr. 28 11:15 .
drwxr-xr-x 6 root root 4,0K févr. 28 10:53 ..
-????????? ? ?    ?       ?              ? .Xdefaults
-????????? ? ?    ?       ?              ? .bash_logout
-????????? ? ?    ?       ?              ? .bashrc
d????????? ? ?    ?       ?              ? .config
-????????? ? ?    ?       ?              ? .profile
-????????? ? ?    ?       ?              ? .xscreensaver
...

Also, when I run the recommended command to back up the passphrase: ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase, I get an error saying that the file does not exist, which is indeed the case.

I've tried to create it using ecryptfs-setup-private -u user [-w], but without success so far.

So my questions are:

  • Is this approach valid? (I don't think so, otherwise people would not propose a method that takes 2.5x the space needed.)
  • In particular, is it possible to create an encrypted /home/user directory with cryptsetup on a /home partition that was not configured for encryption, or is it the partition itself that should be encrypted (which would explain the problem in decryption with mount and the absence of a passphrase when trying to back it up)?
  • If my idea is fine, is there a way to generate a passphrase to finish my setup?

Thanks to all in advance!

1 Answer

OK... Responding to myself... Apparently I was using the wrong passphrase...

Docs on the net are very unclear about when to use the login passphrase and when to use the mount passphrase.

In conclusion, you use:

  • The LOGIN passphrase ONLY with ecryptfs-unwrap-passphrase to get your MOUNT passphrase
  • The MOUNT passphrase when you call ecryptfs-add-key --fnek to get your FNEK (File Name Encryption) key
  • The MOUNT passphrase, then the FNEK key when you use mount -t ecryptfs ...

In case that could help someone not make the same mistakes as I did...
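The error in the question (ERROR: Encrypted private directory is not setup properly) and the missing wrapped-passphrase file point the same way: the per-user configuration directory under /home/.ecryptfs was created without the files the mount helper needs. As an added example (not code from the question, the answer, or the ecryptfs-utils project), the POSIX shell script below checks such a directory for the three files ecryptfs-utils keeps there and reads Private.sig to tell whether a filename-encryption (FNEK) key, the second key the answer mentions, is configured. The file names and formats it assumes (wrapped-passphrase, Private.sig with one 16-hex-character signature per line, Private.mnt holding the mount point) follow ecryptfs-utils conventions rather than anything stated on the page; the fixtures it builds are constructed placeholders, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the question, the answer or ecryptfs-utils.
# Checks an ecryptfs Private configuration directory (normally ~/.ecryptfs,
# which on the asker's system is a symlink to /home/.ecryptfs/<user>/.ecryptfs)
# for the files ecryptfs-utils expects, and reads Private.sig to show whether
# a filename-encryption (FNEK) key is configured.
#
# Assumptions (ecryptfs-utils conventions, not stated on the page):
#   wrapped-passphrase : mount passphrase wrapped with the login passphrase
#   Private.sig        : one 16-hex-char signature per line; line 1 is the
#                        mount passphrase key, line 2 (if present) the FNEK
#   Private.mnt        : absolute path of the mount point
# The script only inspects files; it never unwraps or prints a passphrase.

# Usage: ecryptfs_private_check <config-dir>
# Prints one line per problem found, or "ok" when the directory looks complete.
# Returns the number of problems found (0 means the setup looks usable).
ecryptfs_private_check() {
    dir=$1
    problems=0

    for f in wrapped-passphrase Private.sig Private.mnt; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f"
            problems=$((problems + 1))
        fi
    done

    if [ -f "$dir/Private.sig" ]; then
        # Every line must be a 16-character lowercase hex signature.
        nsig=$(grep -Ec '^[0-9a-f]{16}$' "$dir/Private.sig" || true)
        nlines=$(grep -c '' "$dir/Private.sig" || true)
        if [ "$nlines" -eq 0 ] || [ "$nsig" -ne "$nlines" ]; then
            echo "Private.sig does not contain only 16-hex-character signatures"
            problems=$((problems + 1))
        fi
    fi

    if [ -f "$dir/Private.mnt" ]; then
        mnt=$(head -n 1 "$dir/Private.mnt")
        if [ ! -d "$mnt" ]; then
            echo "mount point listed in Private.mnt does not exist: $mnt"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ] && echo ok
    return "$problems"
}

# Usage: ecryptfs_private_fnek_enabled <config-dir>
# Returns 0 when Private.sig carries a second (FNEK) signature, 1 otherwise.
ecryptfs_private_fnek_enabled() {
    [ -f "$1/Private.sig" ] &&
        [ "$(grep -Ec '^[0-9a-f]{16}$' "$1/Private.sig" || true)" -eq 2 ]
}

# Usage: make_demo_private_dir <dir> [broken]
# Builds a CONSTRUCTED layout for demonstration only. With "broken" it mimics
# the question: .Private and .ecryptfs exist but .ecryptfs holds no
# wrapped-passphrase, Private.sig or Private.mnt. The signature and passphrase
# bytes written here are placeholders, not real key material.
make_demo_private_dir() {
    base=$1
    mkdir -p "$base/.Private" "$base/.ecryptfs" "$base/Private"
    if [ "${2:-}" = "broken" ]; then
        return 0
    fi
    printf 'PLACEHOLDER-wrapped-passphrase-bytes\n' > "$base/.ecryptfs/wrapped-passphrase"
    printf '%s\n%s\n' 0123456789abcdef fedcba9876543210 > "$base/.ecryptfs/Private.sig"
    printf '%s\n' "$base/Private" > "$base/.ecryptfs/Private.mnt"
}

# Demonstration on constructed fixtures in a temporary directory.
demo=$(mktemp -d)
make_demo_private_dir "$demo/good"
make_demo_private_dir "$demo/bad" broken
echo "--- complete setup:"
ecryptfs_private_check "$demo/good/.ecryptfs"
echo "--- incomplete setup (as in the question):"
ecryptfs_private_check "$demo/bad/.ecryptfs" || echo "problems found: $?"
rm -rf "$demo"
```

On a real system you would run ecryptfs_private_check against ~/.ecryptfs as the affected user. Three "missing" lines, as in the question, mean nothing was generated yet and no passphrase exists to back up; a single-line Private.sig means filename encryption is off and the FNEK step of the answer does not apply.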
