Edit

Share via

Quickstart: Upload, view and list ledger data with the Azure ledger explorer

  • Article

In this quickstart, learn how to use the Azure portal to list, view and verify the integrity and authenticity of the data stored in your Azure confidential ledger.

Prerequisites

The ledger explorer is accessible through the Azure Portal for your confidential ledger resource. You need to be logged in with an Entra ID user which has a Reader, Contributor or Administrator role assigned to access the ledger explorer. For help managing Entra ID users for your ledger, please see Manage Microsoft Entra token-based users in Azure confidential ledger.

How to use the ledger explorer

The ledger explorer allows you to a list of all transactions on your ledger with their IDs and contents, filtered by collections. You can click on a transaction row to see more details, such as the transaction ID, the transaction receipt, and the cryptographic proof.

As the ledger is an append-only, sequential datastore, data fetched sequentially starting from Transaction ID 2.1, the start of the ledger.

To use the ledger explorer, follow these steps:

  1. Open the Azure portal and log in as an Entra ID user who has a Reader, Contributor or Administrator role assigned for the confidential ledger resource.
  2. On the Overview page, navigate to the "Ledger explorer (preview)" tab Screenshot of Ledger explorer Item in the Menu bar.

Searching for a transaction

CCF Transaction IDs require both a view and a sequence number, separated by a .. e.g. 2.15

Valid Transaction IDs start at 2.1. Your transactions will receive a unique sequence number assigned by the system, and will be associated with a view.

If you have previously recorded the specific Transaction ID of a past transaction, you may enter that Transaction ID in the search box to locate that transaction.

  • Search: You can use the filters and the search box to start your transaction search from any Transaction ID. Screenshot of how to search for a transaction in Ledger explorer.

Creating an entry

Entries can be created from ledger explorer if you have Administrator or Contributor roles. You can use Ledger explorer to quickly create a new ledger entry by clicking on the Create button in the command bar.

Every entry requires a Collection ID along with some content. A default Collection ID subledger:0 is assigned if you do not specify one.

You can change the Collection ID using the dropdown, or specify a completely new collection by typing it in the Collection Id field.

Screenshot of how to post an entry in Ledger explorer.

Warning

Ledger entries are immutable. Once you have committed a transaction you cannot delete it.

How to verify your ledger data

One of the key features of Azure confidential ledger is that it provides cryptographic evidence that your ledger data has not been tampered with via Transaction Receipts.

A transaction receipt is a JSON document that contains the metadata of a transaction, such as the transaction ID, cryptographic proofs and certificate information. You can use the transaction receipt to verify that a transaction exists on your ledger and that it has not been modified. To learn more about transaction receipts, please read Write Transaction Receipts.

Ledger explorer performs the verification steps listed in Verify Azure Confidential Ledger write transaction receipts to verify the transaction receipt.

To begin verifying a transaction:

  1. Click on a transaction in Ledger explorer
  2. Click on the Proof tab.

1. Leaf node computation:

The transaction digest is computed from the Claims Digest, Commit Evidence and Write Set Digest. This transaction digest is inserted as a leaf node into the merkle tree.

Screenshot of the calculated transaction digest in Ledger explorer.

This step corresponds to Leaf Node Computation in Verify Azure Confidential Ledger write transaction receipts.

2. Root node computation

The transaction receipt provides a cryptographic proof with the Merkle tree branches that leads to the root of the Merkle tree.

Screenshot of the calculated Merkle root in Ledger explorer.

This step corresponds to Root node Computation in Verify Azure Confidential Ledger write transaction receipts

3. Verify signature

When this transaction is committed, the primary node signs the Merkle root. To verify that this transaction was committed by your ledger and has not been tampered with, Ledger explorer uses the public key of the signing node and the digital signature to verify that the calculated Merkle root matches the signed value.

Finally, we check that the signing node is endorsed by the ledger. If the transaction is committed and has not been tampered with, Ledger explorer will indicate that the Globally Committed Status is verified.

Screenshot of a verfified signature in Ledger explorer.

This step corresponds to Verify signature over root node and Verify signing node certificate endorsement in Verify Azure Confidential Ledger write transaction receipts

Next steps

Learn more about using the SDK to write to and read from the ledger, and verify write transaction receipts: