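% Flow chart of the OpenSSL steps that lead from a freshly generated RSA key
% to a website certificate installed in a web server.
%
% Two switches select the variant that is drawn:
%   \ifplaintext  adds the optional "openssl rsa" step that writes a copy of
%                 the site key without passphrase protection;
%   \ifca         adds a private Certification Authority (its own key and
%                 certificate) that signs the request; without it the request
%                 is signed with the site's own key.
%
% Colour code: red boxes are the site's files, green boxes are the CA's files,
% blue boxes are programs.  Dashed grey arrows mean "this file is handed to
% that program".  The small "Encrypted" / "Not encrypted" tags say whether the
% file is passphrase-protected on disk; requests and certificates carry that
% tag because they hold no secret, whereas the unprotected private key is the
% one secret on the chart that is stored in the clear.
%
% Changes against the previous revision of this file:
%   * one statement per line, so that the two end-of-line comments no longer
%     swallow the code that follows them;
%   * \newif declarations moved in front of the macro that uses them;
%   * padding spaces removed from \backgroundcolour, which is also used as a
%     bare colour option;
%   * stray space removed from the "$ openssl req" label of the CA column so
%     that it matches the other command labels.
\nonstopmode
\documentclass[tikz]{standalone}
\usetikzlibrary{positioning,arrows}
\usetikzlibrary{backgrounds}
\usetikzlibrary{calc}

% Variant switches, set in the document body right before \p is called.
\newif\ifca
\newif\ifplaintext

% Fill colour of the frame; also reused as text colour for the invisible
% placeholder label in \p.
\def\backgroundcolour{yellow!30}

% Draws a framed, filled rectangle behind everything drawn so far, with a
% 5mm horizontal and 8mm vertical margin around the current bounding box.
% Must be called last, after all nodes exist.
\newcommand{\lhbackground}{%
  \begin{scope}[on background layer]
    \draw[line width=1pt,black,fill=\backgroundcolour]
      ($ (current bounding box.south west) + (-5mm,-8mm) $) rectangle
      ($ (current bounding box.north east) + (+5mm,+8mm) $);
  \end{scope}%
}

% The picture itself.  Kept as \def (not \newcommand) as in the original;
% note that calc's "let" syntax uses \p locally as well, but no path in this
% file uses "let".
\def\p{%
  \begin{scope}[
      % site-owned file
      file/.style={rectangle,rounded corners,draw,fill=red!40,
                   minimum width=11em,minimum height=3em,align=center},
      % CA-owned file
      cafile/.style={rectangle,rounded corners,draw,fill=green!40,
                     minimum width=11em,minimum height=3em,align=center},
      % shell command label
      command/.style={font={\ttfamily\bfseries}},
      % program that consumes files
      program/.style={file,fill=blue!40},
      % command -> file it writes
      flow1/.style={->,shorten <=-0.5mm,shorten >=+1.0mm},
      % file -> command that reads it
      flow2/.style={->,shorten <=+1.0mm,shorten >=+0.0mm},
      % file -> program it is installed into
      flow3/.style={->,shorten <=+1.0mm,shorten >=+1.0mm,very thick,dashed,black!60},
      node distance=5mm]

    % --- Site column: key generation --------------------------------------
    % \char36 is the dollar sign, used as the shell prompt.
    \node[command]              (c1) { {\char36} openssl genrsa };
    \node[file, below=of c1]    (f1) { Password-protected \\ private RSA key };

    % Optional step: a second copy of the key without passphrase.  \tmp
    % records which key box the following steps hang below.
    \ifplaintext
      \node[command, below=of f1] (c2) { {\char36} openssl rsa };
      \node[file, below=of c2]    (f2) { Unprotected \\ private RSA key };
      \def\tmp{f2}
    \else
      \def\tmp{f1}
    \fi

    % --- Site column: request and certificate -----------------------------
    \node[command, below=of \tmp, xshift=0em] (c3) { {\char36} openssl req };
    \node[file, below=of c3, xshift=0em]      (f3) { Certificate Signing \\ request };
    \node[command, below=of f3, xshift=0em]   (c4) { {\char36} openssl x509 };
    \node[file, below=of c4]                  (f4) { Website \\ certificate };
    \path (f4) +(0mm,-15mm) node[program,anchor=north] (server) { Web server };

    % Storage tags on the site's files.
    \path (f1.north) +(-1mm,-1mm) node[above left,font={\scriptsize}] { Encrypted };
    \path (f3.north) +(-1mm,-1mm) node[above left,font={\scriptsize}] { Not encrypted };
    \path (f4.north) +(-1mm,-1mm) node[above left,font={\scriptsize}] { Not encrypted };

    \draw[flow1] (c1) -- (f1);

    \ifplaintext
      \path (f2.north) +(-1mm,-1mm) node[above left,font={\scriptsize}] { Not encrypted };
      \draw[flow2] (f1) -- (c2);
      \draw[flow1] (c2) -- (f2);
      \draw[flow2] (f2) -- (c3);
      % The server can be given the unprotected key ...
      \draw[flow3,<-] (server.west) -- +(-7mm,0) |- (f2.west);
      % ... or the protected one (drawn below); the reader picks one.  With
      % the unprotected copy nothing but file permissions guards the secret.
      \path ($ (f1.west)!.5!(f2.west) $) node[rotate=90,yshift=+10mm] { \strut Choose one };
    \else
      % Phantom with same effect as "Choose one": an invisible label that
      % keeps the bounding box, and so the frame, the same in both variants.
      \path ($ (f1.west)!.5!(f3.west) $) node[rotate=90,yshift=+10mm,\backgroundcolour] { \strut };
      \draw[flow2] (f1) -- (c3);
    \fi

    \draw[flow1] (c3) -- (f3);
    \draw[flow2] (f3) -- (c4);
    \draw[flow1] (c4) -- (f4);
    % The server needs the certificate and a private key.
    \draw[flow3] (f4) -- (server);
    \draw[flow3,<-] (server.west) -- +(-7mm,0) |- (f1.west);

    \ifca
      % --- CA column --------------------------------------------------------
      % The CA key feeds only the two signing commands; the only CA file
      % handed to a program is the certificate, which goes to the browser.
      \node[cafile, right=of f1]  (f5) { Password-protected \\ private RSA key };
      \node[command, above=of f5] (c5) { {\char36} openssl genrsa };
      \node[cafile, right=of f4]  (f6) { Certification Authority \\ certificate };
      \path (c3) -| (f5) node[command,midway] (c6) { {\char36} openssl req };
      \path (f6) +(0mm,-15mm) node[program,anchor=north] (browser) { Browser };

      \path (f5.north) +(+1mm,-1mm) node[above right,font={\scriptsize}] { Encrypted };
      \path (f6.north) +(+1mm,-1mm) node[above right,font={\scriptsize}] { Not encrypted };

      \draw[flow3] (f6) -- (browser);
      \draw[flow1] (c5) -- (f5);
      \draw[flow2] (f5) -- (c6);
      \draw[flow1] (c6) -- (f6);
      % Signing the request: openssl x509 reads the CA certificate and the
      % CA private key.
      \draw[flow2] (f6.north west) -- ($ (c4.east)+(0mm,-0.5mm) $);
      \draw[flow2] (f5.south) +(-13mm,0mm)
        .. controls +(down:20mm) and +(20:15mm) ..
        ($ (c4.east) +(up:1mm) $);
    \else
      % No CA: the site's own key (whichever box \tmp names) is what
      % openssl x509 signs with.
      \draw[flow2] (\tmp.south east)
        .. controls +(+8mm,-8mm) and +(right:20mm) ..
        (c4.east);
    \fi

    \lhbackground
  \end{scope}%
}

%---------------- body
\begin{document}
\begin{tikzpicture}
  % Variant drawn here: with a private CA, without the unprotected key copy.
  \catrue
  \plaintextfalse
  \p
\end{tikzpicture}
\end{document}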