doc: Scute can now be used to sign emails.

* doc/manual/scute.texi: Explain how to use Scute for email signing.
* doc/manual/thunderbird-account-settings.png: New image.
* doc/manual/thunderbird-smime-button.png: New image.
* doc/manual/Makefile.am: Include the two above files.
* doc/website/index.xhtml: Mention the email signing capability.
* README: Likewise.
--

Since commit e22c8cf, which added support for generic hash functions
in addition to the TLS-specific 'tls-md5sha1', Scute is no longer
limited to TLS client authentication.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

README

@@ -25,9 +25,8 @@ Scute enables you to use your OpenPGP smart card for client
 authentication with SSL in Mozilla.  See below for more details on how
 to get this working.
 
-In the future, Scute will enable you to use your OpenPGP smart card
-for email decryption and signing with Thunderbird, using the X.509
-protocol.
+Scute also allows you to sign emails with Thunderbird, using the
+S/MIME protocol.
 
 
 Prerequisites

doc/manual/Makefile.am

@@ -34,7 +34,8 @@ DISTCLEANFILES = scute.tmp
 images = firefox-cm.png firefox-cm-view-detail.png firefox-cm-view.png \
 	firefox-dm-load-after.png firefox-dm-load-before.png \
 	firefox-dm-load.png firefox-dm-token-present.png firefox-pref.png \
-	firefox-pref-view.png firefox-bad-pin.png
+	firefox-pref-view.png firefox-bad-pin.png \
+	thunderbird-account-settings.png thunderbird-smime-button.png
 
 images_eps = $(images:.png=.eps)
 

doc/manual/scute.texi

@@ -82,6 +82,7 @@ module.
 * Introduction::                  How to use this manual.
 * Preparation::                   What you should do before using Scute.
 * Client Authentication::         How to use Scute for client authentication.
+* Email Signing::                 How to use Scute for S/MIME email signing.
 * Troubleshooting::               What to do when things go wrong.
 * Internals::                     Technical details about Scute.
 
@@ -115,6 +116,8 @@ Client Authentication
 * Application Configuration::     Preparing the application for use with Scute.
 * Authentication With Service::   Using Scute for client authentication.
 
+Email Signing
+
 Troubleshooting
 
 Internals
@@ -178,7 +181,7 @@ Anybody can use, modify, and redistribute it under the terms of the GNU
 General Public License (@pxref{Copying}).
 
 @item it's built to grow
-Although Scute currently only provides a single function, client
+Although Scute initially provided a single function, client
 authentication using OpenPGP smart cards in Mozilla-based web browsers,
 it was built with the intention of supporting other applications as well
 in the future.
@@ -205,10 +208,10 @@ Instead, it uses the GnuPG 2.0 framework to access the smart cards and
 associated data like certificates.  Scute acts as the glue between the
 application and GnuPG 2.0.
 
-Currently, only client authentication over HTTPS with Firefox using the
-OpenPGP card is supported.  In this configuration, Scute allows users to
-authenticate themselves to a remote web service without entering their
-log-in information.
+Currently supported usages are client authentication over HTTPS with
+Firefox (allowing users to authenticate themselves to a remote web
+service without entering their log-in information), and email signing
+with Thunderbird.
 
 
 @node Preparation
@@ -545,6 +548,32 @@ the @code{Try Again} button does not work as expected:
 @comment FIXME: Document possible error codes.
 
 
+@node Email Signing
+@chapter Email Signing
+
+Scute also allows you to use your card-based X.509 certificate to sign
+your emails with the S/MIME signature format.  This has been tested
+with Mozilla Thunderbird only, but should work with any mail client
+with support for PKCS #11 (notably GNOME Evolution).
+
+You must first load the Scute module into your mail client.  With
+Mozilla Thunderbird, the procedure is the same as the one described
+above for Mozilla Firefox.
+
+Then, open your accent configuration dialog (@code{Edit->Account
+Settings}), and in the @code{Security} tab, under the section
+@code{Digital Signing}, use the @code{Select...} button to associate
+your card-based certificate with your account.
+
+@center @image{thunderbird-account-settings,13cm}
+
+When writing a new message, you may then use the @code{S/MIME} button
+and select @code{Digitally sign this message} in the popup menu.  You
+will be prompted for your User PIN before the message is sent.
+
+@center @image{thunderbird-smime-button,13cm}
+
+
 @node Troubleshooting
 @chapter Troubleshooting
 

doc/website/index.xhtml

@@ -65,12 +65,10 @@
 	  that makes use the NSS library.
 	</p>
 	<p>
-	  Currently, only <a
+	  Currently, supported usages are <a
 	  href="http://en.wikipedia.org/wiki/Https">HTTPS</a> client
-	  authentication is supported.  In the future, Scute will also
-	  allow you to use your OpenPGP Card with <a
-	  href="http://www.mozilla.com/">Thunderbird</a> for signing and
-	  decrypting e-mails using X.509 certificates.
+          authentication and S/MIME email signing using X.509
+          certificates.
 	</p>
 	<p>
 	  You can <a href="documentation.xhtml">read the