Noticed when testing T6683:
After acknowledging the new "No X509 certificate found" window and choosing in the next window -> OpenPGP -> Generate, a "generate key, this may take a while"- window appears and does not go away (at least not in the usual time...) although in the background the newly generated key is listed in the certificate list in Kleopatra.
After hitting cancel on 2 windows checking the details of the generated key show that it is RSA 2048.
But it is shown as VS-NfD compliant anyway.
When trying to send a signed mail the next time, this certificate is used and accepted as compliant.