The symmetric cryptographic encryption algorithm 3-DES (Triple-DES) is a further development of the Data Encryption Standard DES and uses symmetric keys with a length of 112 bits. DES is a widely used encryption algorithm with a key length of 56 bits; however, this key length is now considered insecure. With 3-DES, DES encryption is applied three times in succession using two independent cryptographic keys derived from the 112-bit key. DES is standardized as Federal Information Processing Standard FIPS 46-3, and 3-DES is specified in ANSI X9.52-1998.
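As an added illustration that is not part of the glossary, the following Go program shows how the 112-bit key is used in two-key Triple-DES: the standard library is given the 24-byte form K1||K2||K1 (ANSI X9.52 keying option 2), the result is compared with an explicit encrypt-decrypt-encrypt chain of single DES, and the degenerate case K1 = K2 shows why the two keys must be independent. The keys and the plaintext block are constructed sample values; two-key 3-DES has since been deprecated by NIST.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// Constructed sample keys and plaintext for this example (not from the page).
// A DES key is carried in 8 bytes: 56 key bits plus 8 parity bits, so the
// 112-bit two-key 3-DES key K1||K2 occupies 16 bytes.
var (
	SampleK1, _ = hex.DecodeString("0123456789abcdef")
	SampleK2, _ = hex.DecodeString("fedcba9876543210")
	SampleBlock = []byte("ELSTER12") // exactly one 64-bit DES block
)

// SplitTwoKey3DES splits the 16-byte two-key 3-DES key into K1 and K2.
func SplitTwoKey3DES(key []byte) (k1, k2 []byte, err error) {
	if len(key) != 16 {
		return nil, nil, fmt.Errorf("two-key 3-DES key must be 16 bytes, got %d", len(key))
	}
	return key[:8], key[8:], nil
}

// TwoKeyTripleDESEncryptBlock encrypts one block with two-key 3-DES via the
// standard library. crypto/des takes the 24-byte form K1||K2||K3; keying
// option 2 sets K3 = K1, which is how the 112-bit key is used.
func TwoKeyTripleDESEncryptBlock(k1, k2, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, fmt.Errorf("block must be %d bytes", des.BlockSize)
	}
	key24 := make([]byte, 0, 24)
	key24 = append(key24, k1...)
	key24 = append(key24, k2...)
	key24 = append(key24, k1...) // K3 = K1
	c, err := des.NewTripleDESCipher(key24)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// ManualEDEBlock spells out what "DES three times in succession" means:
// DES encrypt under K1, DES decrypt under K2, DES encrypt under K1 (EDE).
func ManualEDEBlock(k1, k2, block []byte) ([]byte, error) {
	c1, err := des.NewCipher(k1)
	if err != nil {
		return nil, err
	}
	c2, err := des.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	tmp := make([]byte, des.BlockSize)
	out := make([]byte, des.BlockSize)
	c1.Encrypt(tmp, block) // E_K1
	c2.Decrypt(tmp, tmp)   // D_K2 (in place)
	c1.Encrypt(out, tmp)   // E_K1
	return out, nil
}

// SingleDESEncryptBlock is plain 56-bit DES, the primitive 3-DES is built from.
func SingleDESEncryptBlock(k, block []byte) ([]byte, error) {
	c, err := des.NewCipher(k)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

func main() {
	ede, _ := TwoKeyTripleDESEncryptBlock(SampleK1, SampleK2, SampleBlock)
	manual, _ := ManualEDEBlock(SampleK1, SampleK2, SampleBlock)
	fmt.Printf("3-DES(K1,K2)=%x  manual EDE=%x  equal=%v\n", ede, manual, bytes.Equal(ede, manual))
	// Why the two keys must be independent: with K1 == K2 the middle decryption
	// undoes the first encryption and only single 56-bit DES remains.
	degenerate, _ := TwoKeyTripleDESEncryptBlock(SampleK1, SampleK1, SampleBlock)
	single, _ := SingleDESEncryptBlock(SampleK1, SampleBlock)
	fmt.Printf("3-DES(K1,K1)=%x  DES(K1)=%x  equal=%v\n", degenerate, single, bytes.Equal(degenerate, single))
}
```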
A
If you are registered in Mein ELSTER with a certificate file, you may need a so-called retrieval code to retrieve certificates and to approve applications from another person. This retrieval code is only required in a few commercial tax programs. The code is 11 digits long (2 groups of 5 digits separated by a hyphen) and serves as an additional security feature alongside the password that already protects the certificate. The retrieval code is sent to you by post if you apply for it separately, usually within a few days; in individual cases, however, it may take up to two weeks. Please do not apply for another retrieval code in the meantime, as this will invalidate the retrieval code that is already on its way to you. If you already have a retrieval code when you agree to the retrieval of certificates, it remains valid (no new one will be created and sent to you).
The 5th incorrect entry will result in the currently valid retrieval code being blocked. You must then apply for a new retrieval code. If you lose it in any other way, you can of course apply for a new retrieval code.
The Advanced Encryption Standard AES is a symmetric encryption algorithm that can operate with symmetric keys of 128, 192 and 256 bits in length. It was developed by cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen under the name Rijndael cipher. The algorithm is considered sufficiently secure for the 21st century. It was standardized in 2001 as the Federal Information Processing Standard FIPS 197.
The activation code is a 12-digit alphanumeric value generated by the tax authorities that is used once to activate the user's login option for Mein ELSTER. It can only be used in combination with the corresponding activation ID. The individual activation code will be sent to you by post when you register.
Activation data is used by a Mein ELSTER user to activate their Login option. The activation data consists of the Activation Code and the Activation ID which the user receives from the tax authorities.
The activation ID is a number with up to 20 digits generated by the tax authorities, which the user uses to activate their Mein ELSTER login option. It can only be used in combination with the corresponding activation code. The individual activation ID will be sent to you by e-mail upon registration.
An asymmetric key pair is individually assigned to a user or system. It consists of a public key and a private (secret) key. The private key may only be known to the owner and is used for individual authentication or for the decryption of electronic information using asymmetric cryptographic procedures. The public key is used by the general public to verify an electronic signature created with the private key, to authenticate the owner, or to encrypt electronic information for the owner using asymmetric cryptographic procedures. The cryptographic procedure ensures that encryption and decryption, as well as signature and signature verification or authentication, only work with the corresponding key pair.
With asymmetric cryptographic procedures, a person or system always receives two keys, i.e. one asymmetric key pair (for example for signature, authentication or encryption functions), namely a public and a private key. The public key is accessible to everyone, the private key only to the respective person or system. With the private key, data can be signed or authenticated, for example, and anyone with the corresponding public key can check this. In addition, the public key can be used to encrypt data for the corresponding communication partner; such data can only be decrypted using their private key. Well-known asymmetric cryptographic methods include RSA, DSS and ECC.
Authentication is the process of proving a claimed identity, for example a person in relation to an electronic identifier. In IT systems, proof is usually provided by checking a user ID and password. Stronger security is provided by authentication with asymmetric cryptographic procedures or biometric features (e.g. fingerprint).
The security of ELSTER is based, among other things, on the use of digital certificates and the corresponding key pairs. These certificates and key pairs are stored either in a file or in a chip. The medium on which these certificates and keys are stored is called the authentication medium. The following means of authentication can be used with ELSTER:
- Certificate file
- Security stick
- Signature card
Authenticity is generally understood to mean the genuineness and credibility of data or of a communication partner. Authenticity can be secured and verified using cryptographic procedures, e.g. asymmetric cryptographic procedures.
B
The user name in Mein ELSTER is an electronic identity of a user account. A freely selectable character string (maximum 8 characters) can be used as a user name. It is used to distinguish between several personal access options in Mein ELSTER if a user registers more than once. As it is not yet clear at the time of the first registration whether the user will require further personal access options at a later date, a user name must be assigned for each registration.
The following electronic data that has been transmitted to the tax administration about your person is referred to as certificates:
- Income tax certificates sent by the employer
- Wage replacement benefits (e.g. unemployment benefit, sickness benefit, parental benefit)
- Notifications regarding the receipt of pension benefits
- Contributions to health and long-term care insurance
- Pension expenses (for example Riester or Rürup contracts)
- Contributions for capital-forming benefits (VWL / VL)
The tax administration collects this data and makes it available to you for retrieval. You (or a person authorized by you, e.g. your tax advisor) can access the information stored about you by the tax administration and use it for your income tax return if necessary.
Via the BZStOnline Portal (BOP), the Federal Central Tax Office (BZSt) provides electronic forms for data transmission for various procedures in the BZSt's area of responsibility, for example for church tax, insurance and fire protection tax, or input tax refunds. A complete list of the forms offered can be found on the corresponding overview page of the BOP.
C
Criteria for testing and evaluating the security of information technology. They are suitable for evaluating the security properties of practically all information technology products and systems. They have been adopted as an international standard by the International Organization for Standardization (ISO) under the number 15408.
In technical terms, a computer virus is a non-independent program routine that reproduces itself by attaching itself to other software or areas of the operating system of a computer, for example, and, once started, manipulates them in a way that cannot be controlled by the user. The idea of computer viruses was derived from the biological model of viruses and gave them their name. Computer viruses often cause data and programs to be changed or lost on a computer and disrupt regular operations.
D
In Mein ELSTER, registration can be carried out with the new ID card (nPA) or with the electronic residence permit (eAT). The two different types of ID can be technically distinguished using the "Document type" attribute. The document type is "ID" with the nPA and "AR", "AS" or "AF" for the eAT.
E
An electronic identity is a name that a system can trace and to which it can assign a person or another system. This name is often referred to as a user ID or account. An electronic identity is assigned rights on a system that restrict how the system may be used; it must therefore be ensured that the user really is the legitimate owner of the corresponding identity. This is done through a secure authentication process.
An electronic signature is a technical procedure. The electronic signature can be used to identify the originator of data. It can be used electronically for a declaration of intent or for authentication. Asymmetric cryptographic procedures can be used to generate and verify electronic signatures.
In ELSTER, the electronic signature is used exclusively for authentication (authentication signature).
Electronic misuse is defined as unauthorized access to systems, including the unauthorized use of systems for one's own purposes. It should be noted that in Germany, even unauthorized access to another person's computer is punishable by law. Laws on computer misuse are not uniformly regulated in the EU.
Software or a file from the tax authorities that provides predefined functions for a computer's technical access to Mein ELSTER, for integration into other software.
The SSL certificate from ELSTER is issued by an internationally recognized Trustcenter (for example Verisign, Symantec Corporation, Thawte or TC-Trustcenter) and is used to authenticate the identity of Mein ELSTER to a computer or user. The certificate has a unique feature, its electronic SHA1 fingerprint, which reads: 52 EA E1 6F 40 64 38 B7 FF 02 91 C1 7D 36 82 DD 9B 41 7A 90. If a certificate has a different fingerprint, it is not the ELSTER SSL certificate.
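One way to perform the fingerprint check this entry describes, as an added Go example that is not part of the glossary: the SHA-1 hash of a certificate's DER encoding is computed, formatted like the published value and compared with it, tolerating the usual differences in separators and case. The self-signed certificate is constructed test data, so the comparison fails, which is the correct outcome for any certificate other than ELSTER's; current practice publishes SHA-256 rather than SHA-1 fingerprints.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ElsterSHA1Fingerprint is the fingerprint quoted in the glossary entry above.
const ElsterSHA1Fingerprint = "52 EA E1 6F 40 64 38 B7 FF 02 91 C1 7D 36 82 DD 9B 41 7A 90"

// SHA1Fingerprint hashes a certificate's DER encoding with SHA-1 and formats
// the 20 bytes as space-separated upper-case hex, the way the glossary and
// most browsers display it. In practice der comes from the TLS handshake,
// e.g. conn.ConnectionState().PeerCertificates[0].Raw.
func SHA1Fingerprint(der []byte) string {
	sum := sha1.Sum(der)
	parts := make([]string, len(sum))
	for i, b := range sum {
		parts[i] = fmt.Sprintf("%02X", b)
	}
	return strings.Join(parts, " ")
}

// NormalizeFingerprint strips separators and case so that "52:ea:e1:..."
// and "52 EA E1 ..." compare equal.
func NormalizeFingerprint(fp string) string {
	return strings.NewReplacer(" ", "", ":", "", "-", "").Replace(strings.ToUpper(fp))
}

// MatchesPinnedFingerprint reports whether the presented certificate is the
// one whose fingerprint was published out of band. An empty or malformed pin
// never matches, so a missing reference value cannot pass the check.
func MatchesPinnedFingerprint(der []byte, pinned string) bool {
	got := NormalizeFingerprint(SHA1Fingerprint(der))
	want := NormalizeFingerprint(pinned)
	return len(want) == 40 && got == want
}

// NewSelfSignedCertDER creates a throwaway self-signed certificate as
// constructed test data; it is not an ELSTER certificate.
func NewSelfSignedCertDER(commonName string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, err := NewSelfSignedCertDER("constructed-example.invalid")
	if err != nil {
		panic(err)
	}
	fmt.Println("presented:", SHA1Fingerprint(der))
	fmt.Println("published:", ElsterSHA1Fingerprint)
	if MatchesPinnedFingerprint(der, ElsterSHA1Fingerprint) {
		fmt.Println("fingerprint matches the published ELSTER certificate")
	} else {
		fmt.Println("fingerprint differs: this is NOT the ELSTER SSL certificate")
	}
}
```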
Signature generation components (e.g. signature cards) and certification service providers (e.g. Trustcenter) that are to be used in connection with the electronic tax return in Mein ELSTER and other associated services must meet a certain minimum security standard and satisfy certain technical requirements. The minimum security standard and the technical requirements are described in the tax authorities' ELSTER Policy.
F
The asymmetric key pairs contained on an advanced signature card are clearly assigned to a holder by a recognized Trustcenter or through contractual relationships, and are generated in accordance with internationally recognized guidelines. They enable the holder to create electronic signatures whose signatory can be clearly identified by others. The signature card is personally assigned to the holder and must be under their control.
The activation code is used to approve the application of another person if the person whose certificates are to be retrieved has not registered with Mein ELSTER with an identification number, or has not yet registered to retrieve certificates or applied for a retrieval code. The activation code will be sent by post to the person whose certificates you wish to retrieve. The 12-digit code is a one-time code that is only valid for the approval of an application. After receiving the letter, the recipient can decide whether to pass the code on to the applicant, thereby enabling them to retrieve their certificates. The activation code expires automatically if it is not passed on to the applicant and used within 90 days.
H
Hackers are people who penetrate other people's networks, databases or hard disks in order to steal data contained there or to obtain personal information. They usually infiltrate without the victim's knowledge in order to obtain keys, account numbers or credit card numbers.
Hijacking is the unauthorized takeover of a communication connection between a computer and a server. To take over a communication connection, an attacker listens to all the data of a third party's online session. With the help of the collected data, the attacker may obtain enough information to synchronize their own computer with the server in question. The server does not realize that it is connected to a computer other than the known computer that established the communication connection. Hijacking can thus make it possible to take over authenticated communication connections if the connection is not sufficiently secured.
The term Hardware Security Module (HSM) refers to an (internal or external) peripheral device for the efficient and secure execution of cryptographic operations. It thus makes it possible to ensure the trustworthiness and integrity of data and the associated information in business-critical IT systems. To ensure trustworthiness, the cryptographic keys used must be protected both by software and against physical attacks or side-channel attacks.
An HTML page is an Internet page that has been developed or written using the Hyper-Text Markup Language. Traditionally, HTML is used to create Internet pages.
HTTPS is the security variant of the Internet protocol HTTP (Hyper-Text Transfer Protocol) for transmitting information over the Internet. It incorporates the security protocol TLS, which provides encryption and authentication mechanisms for a communication connection over the Internet.
A cryptographic method that combines symmetric and asymmetric methods. In most cases, symmetric procedures are used as the encryption mechanism and asymmetric procedures for the key exchange (encryption of the symmetric key with the recipient's public key).
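The combination this entry describes, as an added Go example that is not part of the glossary: AES-256-GCM encrypts the data with a freshly generated symmetric key, and RSA-OAEP encrypts that key with the recipient's public key so that only the holder of the matching private key can unwrap it. The recipient key pair and the message are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// HybridMessage is what travels to the recipient: the symmetric key wrapped
// with the recipient's public key, plus the AES-GCM nonce and ciphertext.
type HybridMessage struct {
	WrappedKey []byte // RSA-OAEP(recipient public key, aesKey)
	Nonce      []byte // 96-bit GCM nonce, unique per message
	Ciphertext []byte // AES-256-GCM(aesKey, nonce, plaintext) with tag appended
}

// HybridEncrypt generates a fresh 256-bit AES key, encrypts the data with
// AES-GCM (symmetric, fast, authenticated) and wraps the AES key with the
// recipient's RSA public key (asymmetric, used only for the key exchange).
func HybridEncrypt(recipient *rsa.PublicKey, plaintext []byte) (*HybridMessage, error) {
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, aesKey, nil)
	if err != nil {
		return nil, err
	}
	return &HybridMessage{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// HybridDecrypt unwraps the AES key with the recipient's private key and then
// decrypts. Only the private-key holder can recover the key, and GCM rejects
// any modification of nonce or ciphertext.
func HybridDecrypt(priv *rsa.PrivateKey, msg *HybridMessage) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, msg.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap symmetric key: wrong private key or damaged message")
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication failed: message was modified")
	}
	return plaintext, nil
}

func main() {
	// Constructed recipient key pair; a real recipient publishes the public key
	// in a certificate issued by a Trustcenter.
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg, _ := HybridEncrypt(&recipient.PublicKey, []byte("constructed sample: tax return 2023"))
	pt, err := HybridDecrypt(recipient, msg)
	fmt.Printf("recipient decrypts: %q (err=%v)\n", pt, err)
	// A third party holding a different key pair cannot unwrap the AES key.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = HybridDecrypt(other, msg)
	fmt.Println("third party:", err)
}
```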
I
You will find your personal identification number in the header of every letter from your tax office.
If you have not yet received your personal identification number or have misplaced it, you can request it from the Federal Central Tax Office.
In the field of information security, integrity is a protection goal that states that data should remain complete and unchanged over a certain period of time. A change could occur intentionally, unintentionally or due to a technical error. Integrity therefore includes data security (protection against loss) and protection against forgery (protection against deliberate alteration).
The integrity of data is guaranteed if the data originates from the specified sender and has been transmitted to the recipient in full and unchanged.
ITSec evaluation involves testing and assessing the security properties of an information technology product according to defined security criteria, guided by an evaluation manual. It goes far beyond a simple conformity check between a user manual and the actual behavior of the product.
J
A Java applet is an application written in the Java programming language that can be executed within an Internet browser. It offers the possibility of client-side processing of active web content in an Internet-based computer/server environment. The Java applet is automatically loaded from the server into the computer's Internet browser as required. Java applets have no longer been used in Mein ELSTER since July 2017.
K
Cryptoboxes are generally used for encrypting communication connections as a whole (line encryption). All electronic information sent via a communication link is encrypted on one side in a node by a cryptobox and decrypted on the other side in a node by another cryptobox. In general, the security of line encryption is based on strong symmetric cryptographic procedures. All electronic information is encrypted with the same symmetric key, which is known only to the cryptoboxes involved.
A cryptochip is a high-performance processor that can perform cryptographic operations quickly and securely. It enables the secure storage of personal key resources to protect them from unauthorized access. For example, it enables the individual secure storage of private keys as part of the asymmetric cryptographic process. A cryptochip can be used in chip cards or computer systems.
Cryptography is originally the doctrine of keeping information secret: its aim is to make data unrecognizable to unauthorized third parties by applying encryption methods. The greater the theoretical or mathematical effort an unauthorized person needs to reconstruct the data, the stronger the encryption is considered to be. Cryptography also includes methods for authentication, electronic signatures and proof of authenticity.
Cryptographic means refer to cryptographic information that is used as input to cryptographic procedures for encryption, authentication and electronic signature. In most cases, this is information kept secret by an individual person or system, such as a password, a PIN or the private key of an asymmetric key pair. It can also be unique biometric characteristics of a person, such as a fingerprint, voice or eye characteristics. There are also publicly known key resources of persons or systems that are used, for example, to verify electronic signatures or authentication, such as the public key of an asymmetric key pair.
M
Malware refers to any type of malicious software such as computer viruses, Trojans, worms, etc. It contains functions that are not recognizable to the user and can be used, for example, to delete, change or copy data. In addition, data such as passwords can be spied out.
Masquerading refers to a person or system faking a false identity in electronic communication, i.e. not being the identity it claims to be. For example, by exploiting similar names or using covert electronic redirects, a foreign server could present itself to a computer with the website of a familiar server that the user has accessed without taking appropriate security precautions. In this way, the foreign server could, for example, spy out a password when the user attempts to log in, accept files that are not intended for it, or present data that does not come from the original server.
One way of assessing the strength of cryptographic encryption and signature procedures is the length, in bits, of the cryptographic keys that can be used within the procedure. The higher the number of bits of the keys used, the stronger the cryptographic method is assessed to be. The minimum key length is the minimum number of bits a cryptographic key must have so that the corresponding method can still be considered strong.
O
This is the cryptographic key used in asymmetric procedures that is made publicly accessible by the owner or the issuing Trustcenter, for example via a directory service, but also by diskette, Internet download or e-mail. With a certificate issued and electronically signed by a Trustcenter, the public key is officially authenticated as belonging to an identified person or an identified system. The public key is used to verify electronic signatures of the owner or system owner and to encrypt electronic information that can only be decrypted by the owner with the corresponding private key.
P
A personal firewall is security software for your personal computer that provides increased protection against unauthorized access from the Internet. It is designed to protect the computer from external attacks and also to prevent certain programs, for example computer viruses, from establishing connections from the computer to the Internet. To do this, it monitors all connections to other networks and checks both the requests to the Internet and the data coming to the computer.
Phishing is a deliberate attack by third parties (hackers) with the aim of obtaining the victim's personal information, such as credit card numbers, passwords or PINs. For example, the victim receives a seemingly legitimate e-mail or is directed to a website from a seemingly well-known sender such as a public authority, bank or credit institution. The victim is asked to visit a website and enter the secret personal information, supposedly for a necessary comparison or verification. Since this website is fake, the hacker obtains the personal information and can use it for their own purposes.
Phishing is a portmanteau of "password" and "fishing".
De facto standard from the company RSA Security that defines the format for storing and transporting asymmetric key pairs, corresponding certificates and other electronic key resources.
A security infrastructure that enables encrypted data to be exchanged or signatures to be generated and verified in unsecured networks (e.g. the Internet) on the basis of a key pair issued by a trusted authority (asymmetric encryption). Further information on asymmetric encryption and signatures can be found on the pages of the Federal Office for Information Security (BSI).
Plausibility refers to the syntactic and semantic or the formal and content-related correctness of electronic information. In Mein ELSTER, for example, only plausible information is forwarded to the state authorities.
This is the cryptographic key used in asymmetric procedures, to which only the owner may have access. The private key is used to generate electronic signatures (authentication signatures) and to decrypt data.
PSE stands for Personal Security Environment: a personal, electronic security area that contains security-relevant data such as a private key. A PSE is usually found on a chip card, but can also be available as an encrypted file. The PSE is secured by a password, a PIN or biometric procedures (e.g. fingerprint).
The pseudonym, also known as a derived ID number, is used to identify the ID card holder without having to transmit personal data via the Internet. The new ID card (nPA) has an integrated pseudonym function. The ID card generates a separate pseudonym for each service provider (e.g. Mein ELSTER) so that two different service providers cannot recognize the same person using the pseudonym (also known as "limited recognition").
Q
Qualified signature cards enable the holder, among other things, to create a legally compliant electronic signature in accordance with the German Signature Act, which has the binding force of a handwritten signature. One of the key pairs contained on the qualified signature card must be authenticated by a certificate issued by a Trustcenter accredited by the Regulatory Authority for Posts and Telecommunications, must be clearly assigned to a holder, and must be processed by products for qualified signatures.
R
Named after its developer Ronald L. Rivest, RC4 is an internationally recognized method for symmetric encryption in which keys of different lengths can be used. RC4 is essentially a pseudo-random generator. The method was developed in 1987 by Rivest for the company RSA Security.
The RSA algorithm is an asymmetric cryptographic method and is suitable for electronic signatures, authentication and key exchange (encryption of symmetric keys with asymmetric keys). It was developed by Rivest, Shamir and Adleman in 1977. The security of this algorithm is based in principle on the difficulty of factorizing large numbers.
S
The security check of a system can be formal or technical. The configuration of the system is checked for security weaknesses, resulting in recommendations for configuring the computer. Further information on security on the Internet can be found on the website of Deutschland sicher im Netz e. V. There are software products or scanners that check the security configuration of a computer; some have to be run directly on the computer, others check the computer's configuration via a secure Internet connection.
The purpose of the Signature Act is to create the framework conditions for electronic signatures in order to increase the legal certainty of transactions conducted over the Internet, for example. The Act defines three types of electronic signature: simple electronic signatures, advanced electronic signatures and qualified electronic signatures. The Regulatory Authority for Telecommunications and Posts (Federal Network Agency).
A revocation list (blacklist) is used by a Trustcenter to publish certificates that were blocked before their validity period expired. All certificates listed in a revocation list are invalid from the date of publication.
Secure Sockets Layer (SSL) is a protocol for secure data exchange between computers and servers over the Internet. Computers and servers can authenticate each other using asymmetric cryptographic procedures and encrypt the data during data exchange. This protocol was developed by the company Netscape.
In symmetric procedures, the same secret key is used for the encryption and decryption of data. If the encrypted file is to be passed on, the secret key must be communicated to the recipient via a secure transmission channel. As there is no truly secure method for this other than a private conversation, this becomes a problem. Asymmetric methods solve the problem of key exchange.
T
TESTA (Trans-European Services for Telematics between Administrations) is an overlay network of European administrations. The primary goal of TESTA is to provide European institutions, agencies and administrations with a comprehensive, well-structured range of services based on recognized market standards that enable the simple and reliable exchange of data and ensure optimum interoperability. One part of this major project is TESTA Germany, the cooperation between the federal and state governments in the sense of a merger of the individual state networks as well as the direct connection of individual federal authorities and the Berlin-Bonn Information Network (IVBB). The TESTA network thus forms the backbone of a "Corporate Network Administration" for cross-state communication.
Transport Layer Security (TLS) is a protocol for secure data exchange between computers and servers over the Internet. Computers and servers can authenticate each other using asymmetric cryptographic procedures and encrypt the data during data exchange.
A seemingly useful file or piece of software that does not have the supposed content. This makes it possible for the file or software to install unintended functions on a computer unnoticed. For example, passwords and other confidential data can be spied out, changed, deleted or sent to an unauthorized person during the next data transfer. This "data theft" usually goes unnoticed without dedicated security mechanisms.
A Trustcenter is an independent, trustworthy authority that is responsible for issuing and managing electronic certificates. The Trustcenter digitally signs the certificates it issues and thus guarantees the authenticity of the data in the certificate. As all participants in asymmetric procedures trust the Trustcenter, they can also rely on the validity of the issued certificates and therefore trust the public keys of other participants.
V
Encryption is the transformation of data for secure storage or transmission. This involves using a cryptographic key to make the content of a document, file or email, for example, illegible to unauthorized third parties. Only the correct recipient can read the data again with the help of a suitable (decryption) key. There are different encryption methods such as symmetric, asymmetric and hybrid encryption.
In this document, directory service refers to a database structured hierarchically (tree-like) in accordance with the ITU standard X.500, in which information can be retrieved from a suitable system. This is used, for example, in address, e-mail and certificate directories, in which the desired information can be searched for according to various criteria. The database can also be distributed across several servers.
A virus scanner is software that protects a computer (PC, server, ...) against computer viruses to a certain extent by regularly or permanently scanning files. To ensure optimum protection, a virus scanner must be kept up to date with frequent and regular updates to its virus definition files.
The pre-filled tax return is also known as the retrieval of certificates and is a free service offered by the tax administration. The aim of this electronic collection of certificates is to make it easier for you to prepare your income tax return. The tax administration collects data for you in electronic form and makes these certificates available to you. You (or a person authorized by you, e.g. your tax advisor) can thus access the information stored about you by the tax administration and use it for your income tax return if necessary.
Z
An electronic ID card for a person, organization or system that is issued by a Trustcenter, is authenticated by the Trustcenter's electronic signature and, in particular, guarantees the assignment of a public key to a person, organization or system. Mein ELSTER issues personal certificates for individuals and certificates for organizations (including organizational certificates).