Sequence Diagram Generator
Write authentication, provisioning, and PKI flow diagrams in WebSequenceDiagrams syntax; get clean SVG or PNG output. Seven security-engineering templates included — FIDO2 / WebAuthn, SCP03 personalisation, eSIM SGP.32 download, V2X PKI enrolment + Butterfly batch, UPI collect, banking MFA, and device-identity lifecycle. All rendering happens in your browser.
Supported syntax
A WebSequenceDiagrams-style subset. Lines are evaluated in order; participants referenced by messages or notes are auto-declared if not declared explicitly. Comment lines start with # or //.
title <text> — diagram title (one per file)
participant Alice · participant "Long Name" as A
actor User — stick-figure participant
A -> B: label — synchronous message
A ->> B: label — asynchronous (open arrow)
A --> B: label — dashed reply
A -->> B: label — dashed async reply
A -> A: label — self-loop
note over A: text · note over A,B: text
note left of A: text · note right of A: text
alt <cond> / else <cond> / end
loop <cond> / end
opt <cond> / end
autonumber — auto-number subsequent messages
\n inside labels — line break
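The grammar above is small enough to lint before a diagram goes into a review document. The following is an added example, not the tool's own code: a minimal parser for the listed subset that auto-declares participants in order of first use and reports unbalanced alt / loop / opt blocks. The function name parseDiagram, the returned object shape, and the sample diagram are assumptions made for illustration.

```javascript
// Added example: a minimal parser for the syntax subset listed above.
// Not the tool's own code; the returned object shape is an assumption.
const ARROWS = { '->': 'sync', '->>': 'async', '-->': 'dashed', '-->>': 'dashed-async' };
function parseDiagram(source) {
  const out = { title: null, participants: [], events: [], errors: [] };
  const seen = new Set();
  const open = []; // stack of unclosed alt / loop / opt blocks
  // Auto-declare a participant the first time a message or note refers to it.
  const declare = (alias, name = alias, kind = 'participant') => {
    if (!seen.has(alias)) { seen.add(alias); out.participants.push({ alias, name, kind }); }
    return alias;
  };
  source.split('\n').forEach((raw, i) => {
    const line = raw.trim();
    let m;
    if (!line || line.startsWith('#') || line.startsWith('//')) return; // blank or comment
    if ((m = /^title\s+(.+)$/.exec(line))) out.title = m[1];
    else if ((m = /^(participant|actor)\s+(?:"([^"]+)"\s+as\s+(\S+)|(\S+))$/.exec(line)))
      declare(m[3] || m[4], m[2] || m[4], m[1]);
    else if (line === 'autonumber') out.events.push({ type: 'autonumber' });
    else if ((m = /^note\s+(over|left of|right of)\s+([^:]+):\s*(.*)$/.exec(line)))
      out.events.push({ type: 'note', place: m[1], text: m[3],
        targets: m[2].split(',').map((s) => declare(s.trim())) });
    else if ((m = /^(alt|loop|opt)\b\s*(.*)$/.exec(line))) {
      open.push(m[1]); out.events.push({ type: m[1], cond: m[2] });
    } else if ((m = /^else\b\s*(.*)$/.exec(line))) {
      if (open[open.length - 1] !== 'alt') out.errors.push(`line ${i + 1}: else outside alt`);
      out.events.push({ type: 'else', cond: m[1] });
    } else if (line === 'end') {
      if (!open.pop()) out.errors.push(`line ${i + 1}: end without open block`);
      out.events.push({ type: 'end' });
    } else if ((m = /^(.+?)\s*(-->>|->>|-->|->)\s*(.+?):\s*(.*)$/.exec(line)))
      out.events.push({ type: 'message', from: declare(m[1].trim()), to: declare(m[3].trim()),
        style: ARROWS[m[2]], label: m[4].replace(/\\n/g, '\n') });
    else out.errors.push(`line ${i + 1}: unrecognised syntax`);
  });
  open.forEach((b) => out.errors.push(`unclosed ${b} block`));
  return out;
}

// Constructed sample (not one of the tool's templates).
const SAMPLE = `title WebAuthn assertion
actor User
RP -> Browser: PublicKeyCredentialRequestOptions
Authenticator -> User: user verification
Browser --> RP: signed assertion
alt checks pass
note over RP: counter / origin / RP-ID hash verified
end`;
```

Calling parseDiagram(SAMPLE) returns User as an explicit actor followed by RP, Browser and Authenticator as auto-declared participants, with an empty errors list.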
Templates
FIDO2 / WebAuthn authentication
Full assertion ceremony — PublicKeyCredentialRequestOptions → authenticator user verification → signature → relying-party verify with counter / origin / RP-ID-hash checks. See also how FIDO authentication works.
Secure-element provisioning (SCP03)
HSM-backed personalisation line: INITIALIZE UPDATE → EXTERNAL AUTHENTICATE → per-applet PUT KEY with hash-chained audit log. See also device identity at manufacturing scale.
eSIM SGP.32 profile download
IoT eSIM RSP: SM-DS discovery, mutual auth with SM-DP+, bound-profile-package delivery, optional enable. See also the SGP.32 reference.
V2X PKI enrolment + AA batch
EA enrolment under manufacturer attestation, then Butterfly Key Expansion for an Authorisation Authority batch of pseudonymous certificates. See also how V2X PKI works.
UPI payment — collect + verify
NPCI switch flow with encrypted PIN block, payer-bank authorise, credit settlement. The kind of diagram every UPI integration spec needs.
Banking login — phishing-resistant MFA
Password + WebAuthn step-up + risk engine. Alt-branch on risk score for out-of-band confirmation.
Device identity lifecycle
Factory mint → field enrolment → operational refresh → re-enrolment → revocation across always-on / intermittent / offline tiers.
FAQ
Why a sequence diagram tool on an embedded-security site?
Authentication ceremonies, V2X PKI flows, eSIM RSP exchanges, and SCP03 personalisation steps are sequence diagrams in disguise. Every architecture review of these systems ends up sketching one. Owning the tool that draws them — with templates that match the actual standards — cuts review cycles for our engineering team and is useful to external readers working in the same space.
Why not just use WebSequenceDiagrams.com or Mermaid?
WebSequenceDiagrams.com is a paid hosted service that uploads your source to render. For an under-NDA architecture diagram (which authentication and provisioning flows often are), that’s the wrong privacy posture. Mermaid is excellent but uses a different syntax convention; this tool stays close to the WebSequenceDiagrams grammar engineers in the security space already know.
What is the current syntax-feature gap?
Not yet supported: par / end (concurrent branches), activate / deactivate (lifeline activations), participant grouping, and Mermaid- or PlantUML-style syntax. The architecture is designed to accept these in a follow-up phase without rewriting the layout engine.
How does dark mode work?
The SVG honours prefers-color-scheme: dark in your browser or operating system. Switch your OS appearance to dark and reload to see the dark theme. No toggle ships with the tool because the rest of the AmbiSecure site does not currently expose one.