According to the DES specification, the last bit of each byte of the secret key is used for error detection (each byte should have odd parity). Hence the effective key length is 56 bits, not 64 bits.
However, in many use cases these parity bits are not checked. Sometimes they are even used for a completely different purpose: Mifare DESFire cards store the key version in those bits, for example, even though the original error correction purpose gets lost.
How do Java Card implementations handle these bits? Let us have a look at this code:
DESKey desKey = … //a single DES key instance
byte[] inputKey = new byte[8]; //a single DES key is 8 bytes long
inputKey[7] = (byte) 0x03; //explicitly invalid parity bit in the last byte
desKey.setKey(inputKey, (short) 0);
byte[] outputKey = new byte[8];
desKey.getKey(outputKey, (short) 0);
Is it guaranteed that inputKey and outputKey arrays will contain the same data in the end, even with invalid parity bits in the inputKey? I performed several experiments with a few card types and they all preserve any data I put in those parity bits, but I didn’t find any mention in the Java Card specification that this behaviour is guaranteed.
This piece of information is very important to me; otherwise I would have to store my "invalid parity bits" separated from the key instance.
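The fallback mentioned at the end of the question, keeping the parity bits separately from the key instance, could look like the following. This is an added example, not part of the original post; the class and method names are hypothetical, and it is plain Java limited to byte and short arithmetic so the same logic fits an applet.

```java
// Added example (not from the original post): keeps the low "parity" bit of each
// DES key byte outside the DESKey object. Class and method names are hypothetical.
public final class DesParityBits {
    private static final short DES_KEY_LEN = 8; // single DES key: 8 bytes

    private DesParityBits() {}

    /** Packs the low bit of key[off..off+7] into one byte; key[off] lands in bit 7. */
    public static byte extract(byte[] key, short off) {
        byte packed = 0;
        for (short i = 0; i < DES_KEY_LEN; i++) {
            packed = (byte) ((packed << 1) | (key[(short) (off + i)] & 0x01));
        }
        return packed;
    }

    /** Writes the saved low bits back over whatever the key bytes currently hold. */
    public static void restore(byte[] key, short off, byte packed) {
        for (short i = 0; i < DES_KEY_LEN; i++) {
            byte bit = (byte) ((packed >> (short) (7 - i)) & 0x01);
            short idx = (short) (off + i);
            key[idx] = (byte) ((key[idx] & 0xFE) | bit);
        }
    }

    /** True if the byte has an odd number of set bits, as the DES specification expects. */
    public static boolean hasOddParity(byte b) {
        byte x = b;
        x ^= (byte) ((x & 0xFF) >> 4); // fold high nibble onto low nibble
        x ^= (byte) ((x & 0xFF) >> 2);
        x ^= (byte) ((x & 0xFF) >> 1);
        return (x & 0x01) == 1;        // bit 0 now holds the XOR of all 8 bits
    }

    /** Forces odd parity by choosing the low bit, leaving the 7 key bits untouched. */
    public static byte withOddParity(byte b) {
        byte cleared = (byte) (b & 0xFE);
        return hasOddParity(cleared) ? cleared : (byte) (cleared | 0x01);
    }
}
```

With this, `extract` would be called on the input array before `setKey`, the returned byte stored next to the key, and `restore` applied to the array filled by `getKey`; for the `0x03` byte from the question, `hasOddParity` returns false.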