From 4c9798f1a1a8de67b5b2f1109044cc94a8da3297 Mon Sep 17 00:00:00 2001 From: "J. Elfring" Date: Sun, 19 Nov 2023 21:16:32 +0100 Subject: [PATCH] Add script to dump passwordstore and enable comments in the check script. --- README.md | 8 ++++++++ checkPasswordList.sh | 2 +- dumpPasswordstore.sh | 20 ++++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100755 dumpPasswordstore.sh diff --git a/README.md b/README.md index 9902b4f..48b589d 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,13 @@ These are my scripts to the haveibeenpwned.com api. ... To be extended ... +> :fire: **Keep in mind that your passwordlist is highly confidential and you should be +able to delete it securely after finished.** ## checkPasswordList.sh This script checks a list of passwords against the api and reports whether they hae been compromised. +Lines starting with # are considered comments. The passwords themselfs will NOT be send to the web-api. haveibeenpwned.com's k-anonymity model is used. More info can be found here https://haveibeenpwned.com/API/v2#PwnedPasswords @@ -21,3 +24,8 @@ __: Password c60e6754-8abf-4c0f-a7a7-2225da28637f has not been pwned. __: Password c60e6754-8a f-4c0f-a7a -2225da28637f has not been pwned. ==: 1 of 3 passwords have been pwned. ``` + +## dumpPasswordstore.sh +Dump the passwords from [passwordstore](https://www.passwordstore.org/) into +a list to be used with checkPasswordList.sh. +The filenames will be masked as comments (see above). diff --git a/checkPasswordList.sh b/checkPasswordList.sh index 4646475..1ebd96b 100755 --- a/checkPasswordList.sh +++ b/checkPasswordList.sh @@ -26,7 +26,7 @@ fi echo "Checking passwords from list $1" IFS=$'\n' -for p in $(cat < "$pfile"); do +for p in $(grep --invert-match '^ #' $pfile); do ((cPswds++)) ## Hash the password, filter non-hashy things (" -" at the end), ## translate to upper for the beauty 
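Review bot: The new loop header in checkPasswordList.sh drops the quoting the old `"$pfile"` had, so the list path is now subject to pathname expansion, and a path beginning with `-` would be read by grep as an option. I would write `for p in $(grep --invert-match -- '^ #' "$pfile"); do`. The filter also means a password that itself begins with the comment marker is skipped without any message and never checked, which reads as a clean result; printing the number of skipped lines in the summary would make that visible. The loop body continues outside the hunk.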
diff --git a/dumpPasswordstore.sh b/dumpPasswordstore.sh
new file mode 100755
index 0000000..d69a3ec
--- /dev/null
+++ b/dumpPasswordstore.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+## A script to decrypt and dump the passwords
+## from passwordstore to a simple list.
+
+prefix=${PASSWORD_STORE_DIR:=~/.password-store}
+
+## Set the IFS to account for spaces in filenames
+IFS=$(echo -en "\n\b")
+
+for file in $(find $prefix -name '*.gpg')
+do
+ nicename=$(echo $file \
+ | cut --characters ${#prefix}- \
+ | cut --characters 3- \
+ | rev | cut --characters 5- | rev
+ )
+ echo " # "$nicename
+ gpg --quiet --decrypt $file | head -n 1
+done
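Review bot: The `for file in $(find $prefix …)` loop and the unquoted `$file` and `$nicename` still undergo pathname expansion, so an entry name containing `*`, `?` or `[` can be expanded against the working directory and the wrong file decrypted or mislabelled; the IFS change only covers spaces. The `cut`/`rev` offsets also assume PASSWORD_STORE_DIR has no trailing slash. Reading NUL-delimited names from find and trimming with parameter expansion removes both problems and makes the IFS assignment unnecessary, as sketched below. Because the output pairs each entry name with its cleartext first line, the header comment could also say that it belongs in a file only the owner can read, or in a pipe.

```shell
# … unchanged: shebang, header comment, prefix assignment …

while IFS= read -r -d '' file; do
  nicename=${file#"$prefix"}
  nicename=${nicename#/}
  nicename=${nicename%.gpg}
  printf ' # %s\n' "$nicename"
  gpg --quiet --decrypt "$file" | head -n 1
done < <(find "$prefix" -name '*.gpg' -print0)
```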