Add script to dump passwordstore

and enable comments in the check script.

README.md

@@ -3,10 +3,13 @@
 These are my scripts to the haveibeenpwned.com api.
 ... To be extended ...
 
+> :fire: **Keep in mind that your passwordlist is highly confidential and you should be
+able to delete it securely after finished.**
 
 ## checkPasswordList.sh
 
 This script checks a list of passwords against the api and reports whether they hae been compromised.
+Lines starting with <space># are considered comments.
 The passwords themselfs will NOT be send to the web-api.
 haveibeenpwned.com's k-anonymity model is used.
 More info can be found here https://haveibeenpwned.com/API/v2#PwnedPasswords
@@ -21,3 +24,8 @@ __: Password c60e6754-8abf-4c0f-a7a7-2225da28637f has not been pwned.
 __: Password c60e6754-8a f-4c0f-a7a -2225da28637f has not been pwned.
 ==: 1 of 3 passwords have been pwned.
 ```
+
+## dumpPasswordstore.sh
+Dump the passwords from [passwordstore](https://www.passwordstore.org/) into
+a list to be used with checkPasswordList.sh.
+The filenames will be masked as comments (see above).

checkPasswordList.sh

@@ -26,7 +26,7 @@ fi
 echo "Checking passwords from list $1"
 
 IFS=$'\n'
-for p in $(cat < "$pfile"); do
+for p in $(grep --invert-match '^ #' $pfile); do
 	((cPswds++))
 	## Hash the password, filter non-hashy things (" -" at the end),
 	## translate to upper for the beauty

dumpPasswordstore.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+## A script to decrypt and dump the passwords
+## from passwordstore to a simple list.
+
+prefix=${PASSWORD_STORE_DIR:=~/.password-store}
+
+## Set the IFS to account for spaces in filenames
+IFS=$(echo -en "\n\b")
+
+for file in $(find $prefix -name '*.gpg')
+do
+	nicename=$(echo $file \
+               | cut --characters ${#prefix}- \
+		       | cut --characters 3- \
+		       | rev | cut --characters 5- | rev
+		      )
+	echo " # "$nicename
+	gpg --quiet --decrypt $file | head -n 1
+done