Add option to init to reencrypt all passwords.

Reported-by: Simon KP <si@eskp.net>

man/pass.1

@@ -51,11 +51,15 @@ password names in
 .SH COMMANDS
 
 .TP
-\fBinit\fP \fIgpg-id\fP
+\fBinit\fP [ \fI--reencrypt\fP, \fI-e\fP ] \fIgpg-id\fP
 Initialize new password storage and use
 .I gpg-id
 for encryption. This command must be run first before a password store can be
-used.
+used. If \fI--reencrypt\fP or \fI-e\fP is specified, reencrypt all existing
+passwords in the password store using \fIgpg-id\fP. Note that use of
+.BR gpg-agent (1)
+is recommended so that the batch decryption does not require as much user
+intervention.
 .TP
 \fBls\fP \fIsubfolder\fP
 List names of passwords inside the tree at

src/password-store.sh

@@ -30,8 +30,9 @@ usage() {
 	cat <<_EOF
 
 Usage:
-    $program init gpg-id
+    $program init [--reencrypt,-e] gpg-id
         Initialize new password storage and use gpg-id for encryption.
+        Optionally reencrypt existing passwords using new gpg-id.
     $program [ls] [subfolder]
         List passwords.
     $program [show] [--clip,-c] pass-name
@@ -134,15 +135,34 @@ fi
 
 case "$command" in
 	init)
+		reencrypt=0
+
+		opts="$($GETOPT -o e -l reencrypt -n "$program" -- "$@")"
+		err=$?
+		eval set -- "$opts"
+		while true; do case $1 in
+			-e|--reencrypt) reencrypt=1; shift ;;
+			--) shift; break ;;
+		esac done
+
 		if [[ $# -ne 1 ]]; then
-			echo "Usage: $program $command gpg-id"
+			echo "Usage: $program $command [--reencrypt,-e] gpg-id"
 			exit 1
 		fi
+
 		gpg_id="$1"
 		mkdir -v -p "$PREFIX"
 		echo "$gpg_id" > "$ID"
 		echo "Password store initialized for $gpg_id."
 		git_add_file "$ID" "Set GPG id to $gpg_id."
+
+		if [[ $reencrypt -eq 1 ]]; then
+			find "$PREFIX" -iname '*.gpg' | while read passfile; do
+				$GPG -d $GPG_OPTS "$passfile" | $GPG -e -r "$gpg_id" -o "$passfile.new" $GPG_OPTS &&
+				mv -v "$passfile.new" "$passfile"
+			done
+			git_add_file "$PREFIX" "Reencrypted entire store using new GPG id $gpg_id."
+		fi
 		exit 0
 		;;
 	help|--help)