Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article shows you how to use the Azure portal ledger explorer to list and view transactions, create new ledger entries, and verify the integrity of your data using cryptographic proofs. For background on what the Ledger Explorer tools are, how they differ, and when to use each one, see Ledger Explorer concepts.
Note
This article covers the Azure portal ledger explorer. To inspect exported or local ledger data, see Inspect ledger data with Ledger Explorer (Offline).
Prerequisites
- An Azure subscription - create one for free.
- An Azure Confidential Ledger instance. If you don't have one, see Quickstart: Create a confidential ledger using the Azure portal.
- A Microsoft Entra ID user with a Reader, Contributor, or Administrator role assigned for the confidential ledger resource. For help managing users, see Manage Microsoft Entra token-based users in Azure confidential ledger.
Open the ledger explorer
- Sign in to the Azure portal as a Microsoft Entra ID user who has a Reader, Contributor, or Administrator role for the confidential ledger resource.
- Navigate to your confidential ledger resource.
- On the Overview page, select the Ledger explorer (preview) tab.
The ledger explorer displays an ordered list of all transactions on your ledger with their IDs and contents, filtered by collections. The ledger is an append-only, sequential datastore with data starting from Transaction ID 2.1.
Search for a transaction
CCF Transaction IDs require both a view and a sequence number, separated by a period (for example, 2.15). Valid Transaction IDs start at 2.1. Each transaction receives a unique sequence number assigned by the system.
- If you previously recorded a specific Transaction ID, enter it in the search box to locate that transaction.
- Use the filters and the search box to start your transaction search from any Transaction ID.
Create a ledger entry
If you have an Administrator or Contributor role, you can create new ledger entries directly from the explorer.
- Select the Create button in the command bar.
- Enter a Collection ID for the entry. A default Collection ID
subledger:0is assigned if you don't specify one. You can change the Collection ID using the dropdown, or specify a new collection by typing it in the Collection Id field. - Enter the content for the entry and submit it.
Warning
Ledger entries are immutable. Once you commit a transaction, you can't delete it.
Verify transaction integrity
Azure Confidential Ledger provides cryptographic evidence that your data hasn't been tampered with, through transaction receipts. The ledger explorer performs the verification steps described in Verify Azure Confidential Ledger write transaction receipts. For background on how verification works across both explorer tools, see Ledger Explorer concepts.
To verify a transaction:
- Select a transaction in the ledger explorer.
- Select the Proof tab.
Leaf node computation
The transaction digest is computed from the Claims Digest, Commit Evidence, and Write Set Digest. This transaction digest is inserted as a leaf node into the Merkle tree.
This step corresponds to Leaf node computation in Verify Azure Confidential Ledger write transaction receipts.
Root node computation
The transaction receipt provides a cryptographic proof with the Merkle tree branches that leads to the root of the Merkle tree.
This step corresponds to Root node computation in Verify Azure Confidential Ledger write transaction receipts.
Signature verification
When the transaction is committed, the primary node signs the Merkle root. To verify that the transaction was committed by your ledger and hasn't been tampered with, the ledger explorer uses the public key of the signing node and the digital signature to verify that the calculated Merkle root matches the signed value.
The explorer then checks that the signing node is endorsed by the ledger. If the transaction is committed and hasn't been tampered with, the explorer indicates that the Globally Committed Status is verified.
This step corresponds to Verify signature over root node and Verify signing node certificate endorsement in Verify Azure Confidential Ledger write transaction receipts.