For example when given an invalid subject name O ="org", CN = "invalid" it creates the CSR successfully but the generated CSR is invalid as later confirmed by openssl.
$ gpgsm --armor --output invalid.csr --gen-key gpgsm (GnuPG) 2.4.2; Copyright (C) 2023 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA (2) Existing key (3) Existing key from card Your selection? 3 Serial number of the card: redacted Available keys: (1) redacted OPENPGP.1 nistp521 (cert,sign) (2) redacted OPENPGP.2 nistp521 (encr) (3) redacted OPENPGP.3 nistp521 (sign,auth) Your selection? 3 Possible actions for a RSA key: (1) sign, encrypt (2) sign (3) encrypt Your selection? 1 Enter the X.509 subject name: O ="org", CN = "invalid" Enter email addresses (end with an empty line): > Enter DNS names (optional; end with an empty line): > Enter URIs (optional; end with an empty line): > Create self-signed certificate? (y/N) n These parameters are used: Key-Type: card:OPENPGP.3 Key-Length: 1024 Key-Usage: sign, encrypt Name-DN: O ="org", CN = "invalid" Proceed with creation? (y/N) y Now creating certificate request. This may take a while ... gpgsm: about to sign the CSR for key: &redacted gpgsm: certificate request created Ready. You should now send this request to your CA.
$ openssl req -in invalid.csr -noout -text -verify 140367445079872:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1u/crypto/asn1/a_verify.c:170: $ openssl req -in invalid.csr -noout -text Certificate Request: Data: Version: 1 (0x0) Subject: CN = invalid, O = org Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (521 bit) pub: redacted ASN1 OID: secp521r1 NIST CURVE: P-521 Attributes: Requested Extensions: X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment Signature Algorithm: ecdsa-with-SHA256 redacted
OS: Gentoo
gpgsm --version gpgsm (GnuPG) 2.4.2 libgcrypt 1.10.1-unknown libksba 1.6.3 Copyright (C) 2023 g10 Code GmbH License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /root/.gnupg Supported algorithms: Cipher: 3DES, AES128, AES192, AES256, SERPENT128, SERPENT192, SERPENT256, SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256 Pubkey: RSA, ECC, ECC Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL