diff --git a/src/utils/compliance.cpp b/src/utils/compliance.cpp
index 7e09d0d20..7e5d9a117 100644
--- a/src/utils/compliance.cpp
+++ b/src/utils/compliance.cpp
@@ -1,85 +1,99 @@ /* -*- mode: c++; c-basic-offset:4 -*- utils/compliance.cpp This file is part of libkleopatra SPDX-FileCopyrightText: 2022 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ #include #include "compliance.h" #include "cryptoconfig.h" #include "gnupg.h" +#include "stringutils.h" #include "systeminfo.h" #include #include #include #include bool Kleo::DeVSCompliance::isActive() { return getCryptoConfigStringValue("gpg", "compliance") == QLatin1String{"de-vs"}; } bool Kleo::DeVSCompliance::isCompliant() { if (!isActive()) { return false; } // The pseudo option compliance_de_vs was fully added in 2.2.34; // For versions between 2.2.28 and 2.2.33 there was a broken config // value with a wrong type. So for them we add an extra check. This // can be removed in future versions because for GnuPG we could assume // non-compliance for older versions as versions of Kleopatra for // which this matters are bundled with new enough versions of GnuPG anyway. 
if (engineIsVersion(2, 2, 28) && !engineIsVersion(2, 2, 34)) { return true; } return getCryptoConfigIntValue("gpg", "compliance_de_vs", 0) != 0; } +bool Kleo::DeVSCompliance::algorithmIsCompliant(std::string_view algo) +{ + using namespace std::literals; + + if (!isActive()) { + return true; + } + if (Kleo::startsWith(algo, "rsa"sv)) { + return algo == "rsa3072"sv || algo == "rsa4096"sv; + } + return !algo.empty(); +} + void Kleo::DeVSCompliance::decorate(QPushButton *button) { decorate(button, isCompliant()); } void Kleo::DeVSCompliance::decorate(QPushButton *button, bool compliant) { if (!button) { return; } if (compliant) { button->setIcon(QIcon::fromTheme(QStringLiteral("security-high"))); if (!SystemInfo::isHighContrastModeActive()) { const auto bgColor = KColorScheme(QPalette::Active, KColorScheme::View).background(KColorScheme::PositiveBackground).color().name(); button->setStyleSheet(QStringLiteral("QPushButton { background-color: %1; };").arg(bgColor)); } } else { button->setIcon(QIcon::fromTheme(QStringLiteral("security-medium"))); if (!SystemInfo::isHighContrastModeActive()) { const auto bgColor = KColorScheme(QPalette::Active, KColorScheme::View).background(KColorScheme::NegativeBackground).color().name(); button->setStyleSheet(QStringLiteral("QPushButton { background-color: %1; };").arg(bgColor)); } } } QString Kleo::DeVSCompliance::name() { return name(isCompliant()); } QString Kleo::DeVSCompliance::name(bool compliant) { const auto filterId = compliant ? QStringLiteral("de-vs-filter") : QStringLiteral("not-de-vs-filter"); if (auto filter = KeyFilterManager::instance()->keyFilterByID(filterId)) { return filter->name(); } return compliant ? i18n("VS-NfD compliant") : i18n("Not VS-NfD compliant"); } diff --git a/src/utils/compliance.h b/src/utils/compliance.h index 8fd55b4fe..c07653ded 100644 --- a/src/utils/compliance.h +++ b/src/utils/compliance.h 
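Review bot: The final `return !algo.empty();` in `algorithmIsCompliant` makes the check fail open: with "de-vs" active, every non-empty name that does not begin with `rsa` is reported as compliant, whatever algorithm or key size it names. The `rsa` branch is also reached only through `Kleo::startsWith(algo, "rsa"sv)`, so if that helper is case-sensitive (its definition is not in this diff) a name such as `RSA2048` would skip the size check and fall through to the same default. For a compliance gate I would compare `algo` against an explicit list of approved names and end with `return false;`, so that an unknown or newly added algorithm is rejected until someone approves it. The approved non-RSA names have to come from the VS-NfD policy; they are not visible here.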
@@ -1,68 +1,76 @@ /* -*- mode: c++; c-basic-offset:4 -*- utils/compliance.h This file is part of libkleopatra SPDX-FileCopyrightText: 2022 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ #pragma once #include "kleo_export.h" +#include + class QPushButton; class QString; namespace Kleo::DeVSCompliance { /** * Returns true, if compliance mode "de-vs" is configured for GnuPG. * Note: It does not check whether the used GnuPG is actually compliant. */ KLEO_EXPORT bool isActive(); /** * Returns true, if compliance mode "de-vs" is configured for GnuPG and if * GnuPG passes a basic compliance check, i.e. at least libgcrypt and the used * RNG are compliant. */ KLEO_EXPORT bool isCompliant(); +/** + * Returns true, if the given algorithm is compliant with compliance mode + * "de-vs". Always returns true, if compliance mode "de-vs" is not active. + */ +KLEO_EXPORT bool algorithmIsCompliant(std::string_view algo); + /** * \overload * * Sets the appropriate icon and, unless high-contrast mode is active, the * appropriate background color of \p button depending on the state of * compliance. */ KLEO_EXPORT void decorate(QPushButton *button); /** * Sets the appropriate icon and, unless high-contrast mode is active, the * appropriate background color of \p button depending on the value of * \p compliant. */ KLEO_EXPORT void decorate(QPushButton *button, bool compliant); /** * \overload * * Returns a localized name for the compliance or non-compliance depending on * the state of compliance. */ KLEO_EXPORT QString name(); /** * Returns a localized name for the compliance or non-compliance depending on * the value of \p compliant. * * \note The localized name is taken from the de-vs-filter filter resp. the * not-de-vs-filter. This allows the customization of the name for different * users because VS-NfD compliance is called differently in different * environments, e.g. NATO RESTRICTED or EU RESTRICTED. 
*/ KLEO_EXPORT QString name(bool compliant); }
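Review bot: The doc comment on `algorithmIsCompliant` does not say what form `algo` must take, although the implementation in compliance.cpp matches exact lowercase literals such as `rsa3072`. Callers that use this as a policy gate need to know that, and also that an empty name is rejected while the mode is active. I would add a line such as `\p algo is the algorithm name in the lowercase spelling this function compares against, e.g. "rsa3072"; an empty name is never compliant while "de-vs" is active.` It is also worth stating there that the result depends on `isActive()` only, not on `isCompliant()`.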