Since 2019 Kleopatra does not offer RSA-2048 in de-vs mode in the newcertificatewizard, but it is possible to generate a CSR / OpenPCP Certificate for existing RSA-2048 keys from a smartcard. This is esp. a problem for Netkey cards since the RSA-2048 cards should be deprecated but can still be used by switching to OpenPGP.
It would be good if we could have this for the next release.
Update 2023-01-16: Also prevent usage of all non-brainpool curves in de-vs mode.