Step 2: Verifying your data in QLDB
Important
End of support notice: Existing customers will be able to use Amazon QLDB until end of support on 07/31/2025. For more details, see
Migrate an Amazon QLDB Ledger to Amazon Aurora PostgreSQL
Amazon QLDB provides an API to request a proof for a specified document ID and its associated block. You must also provide the tip address of a digest that you previously saved, as described in Step 1: Requesting a digest in QLDB. You can use the AWS Management Console, an AWS SDK, or the AWS CLI to get a proof.
Then, you can use the proof returned by QLDB to verify the document revision against the saved digest, using a client-side API. This gives you control over the algorithm that you use to verify your data.
AWS Management Console
This section describes the steps to verify a document revision against a previously saved digest using the Amazon QLDB console.
Before you start, make sure that you follow the steps in Step 1: Requesting a digest in QLDB. Verification requires a previously saved digest that covers the revision that you want to verify.
To verify a document revision (console)
Open the Amazon QLDB console at https://console.aws.amazon.com/qldb
. -
First, query your ledger for the
id
andblockAddress
of the revision that you want to verify. These fields are included in the document's metadata, which you can query in the committed view.The document
id
is a system-assigned unique ID string. TheblockAddress
is an Ion structure that specifies the block location where the revision was committed.In the navigation pane, choose PartiQL editor.
-
Choose the ledger name in which you want to verify a revision.
-
In the query editor window, enter a
SELECT
statement in the following syntax, and then choose Run.SELECT metadata.id, blockAddress FROM _ql_committed_
table_name
WHEREcriteria
For example, the following query returns a document from the
VehicleRegistration
table in the sample ledger created in Getting started with the Amazon QLDB console.SELECT r.metadata.id, r.blockAddress FROM _ql_committed_VehicleRegistration AS r WHERE r.data.VIN = 'KM8SRDHF6EU074761'
-
Copy and save the
id
andblockAddress
values that your query returns. Be sure to omit the double quotes for theid
field. In Amazon Ion, string data types are delimited with double quotes. For example, you must copy only the alphanumeric text in the following snippet."
LtMNJYNjSwzBLgf7sLifrG
" -
Now that you have a document revision selected, you can start the process of verifying it.
In the navigation pane, choose Verification.
-
On the Verify document form, under Specify the document that you want to verify, enter the following input parameters:
-
Ledger – The ledger in which you want to verify a revision.
-
Block address – The
blockAddress
value returned by your query in step 4. -
Document ID – The
id
value returned by your query in step 4.
-
-
Under Specify the digest to use for verification, select the digest that you previously saved by choosing Choose digest. If the file is valid, this auto-populates all the digest fields on your console. Or, you can manually copy and paste the following values directly from your digest file:
-
Digest – The
digest
value from your digest file. -
Digest tip address – The
digestTipAddress
value from your digest file.
-
-
Review your document and digest input parameters, and then choose Verify.
The console automates two steps for you:
-
Request a proof from QLDB for your specified document.
-
Use the proof returned by QLDB to call a client-side API, which verifies your document revision against the provided digest. To examine this verification algorithm, see the following section QLDB API to download the code example.
The console displays the results of your request in the Verification results card. For more information, see Verification results.
-
QLDB API
You can also verify a document revision by using the Amazon QLDB API with an AWS SDK or the AWS CLI. The QLDB API provides the following operations for use by application programs:
-
GetDigest
– Returns the digest of a ledger at the latest committed block in the journal. The response includes a 256-bit hash value and a block address. -
GetBlock
– Returns a block object at a specified address in a journal. Also returns a proof of the specified block for verification ifDigestTipAddress
is provided. -
GetRevision
– Returns a revision data object for a specified document ID and block address. Also returns a proof of the specified revision for verification ifDigestTipAddress
is provided.
For complete descriptions of these API operations, see the Amazon QLDB API reference.
For information about verifying data using the AWS CLI, see the AWS CLI Command Reference.
Sample application
For Java code examples, see the GitHub repository aws-samples/amazon-qldb-dmv-sample-java
The tutorial code in class GetRevision
-
Requests a new digest from the sample ledger
vehicle-registration
. -
Requests a proof for a sample document revision from the
VehicleRegistration
table in thevehicle-registration
ledger. -
Verifies the sample revision using the returned digest and proof.