a) all you need is a cert signed by a CA which is registered in a Windows user's mystore (which is doable)
b) X.509 for E-Mail signing has been around for a long long long long time :)