diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
index f05f83014..b3e4fbd5e 100644
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@@ -165,7 +165,7 @@ typedef enum
     PUBKEY_ALGO_RSA         =  1,
     PUBKEY_ALGO_RSA_E       =  2, /* RSA encrypt only (legacy). */
     PUBKEY_ALGO_RSA_S       =  3, /* RSA sign only (legacy).    */
-    /*PUBKEY_ALGO_KYBER     =  8,    Kyber (FIPS-203 final)     */
+    PUBKEY_ALGO_KYBER       =  8, /* Kyber (FIPS-203 final)     */
     PUBKEY_ALGO_ELGAMAL_E   = 16, /* Elgamal encrypt only.      */
     PUBKEY_ALGO_DSA         = 17,
     PUBKEY_ALGO_ECDH        = 18, /* RFC-6637  */
@@ -173,7 +173,7 @@ typedef enum
     PUBKEY_ALGO_ELGAMAL     = 20, /* Elgamal encrypt+sign (legacy).  */
     /*                        21     reserved by OpenPGP.            */
     PUBKEY_ALGO_EDDSA       = 22, /* EdDSA.                          */
-    PUBKEY_ALGO_KYBER       = 29, /* Kyber                           */
+    /*                        29     (was fips203.ipd.2023-08-24 in 1.5.0)   */
     PUBKEY_ALGO_DIL3_25519  = 35, /* Dilithium3 + Ed25519 (aka ML-DSA-65)    */
     PUBKEY_ALGO_DIL5_448    = 36, /* Dilithium5 + Ed448   (aka ML-DSA-87)    */
     PUBKEY_ALGO_SPHINX_SHA2 = 41, /* SPHINX+-simple-SHA2  (aka SLH-DSA-SHA2) */
diff --git a/g10/keygen.c b/g10/keygen.c
index 9b7212f0e..98608ad96 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -48,9 +48,10 @@
 
 
 /* The default algorithms.  If you change them, you should ensure the
-   value is inside the bounds enforced by ask_keysize and gen_xxx.
-   See also get_keysize_range which encodes the allowed ranges.  The
-   default answer in ask_algo also needs to be adjusted.  */
+ * value is inside the bounds enforced by ask_keysize and gen_xxx.
+ * See also get_keysize_range which encodes the allowed ranges.  The
+ * default answer in ask_algo also needs to be adjusted.  For Kyber
+ * keep the values set in generate_subkeypair in sync.  */
 #define DEFAULT_STD_KEY_PARAM  "ed25519/cert,sign+cv25519/encr"
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
 #define PQC_STD_KEY_PARAM      "bp384/cert,sign+kyber768_bp256/encr"
@@ -1399,14 +1400,6 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
       /* The required libgcrypt 1.11 won't yet claim a compliant RNG.  */
       && gnupg_rng_is_compliant (CO_DE_VS))
     oduap.cpl_notation = "de-vs";
-  else if ((use & PUBKEY_USAGE_ENC)
-           && sub_pk->pubkey_algo == PUBKEY_ALGO_KYBER
-           && PUBKEY_ALGO_KYBER == 29)
-    {
-      /* FIXME: This can be removed as soon as we have implemented the
-       * final fips-203 specification.  */
-      oduap.cpl_notation = "fips203.ipd.2023-08-24";
-    }
   else
     oduap.cpl_notation = NULL;
   oduap.pk = sub_pk;
@@ -2601,6 +2594,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
   if (r_keygrip)
     tty_printf (_("  (%d) Existing key from card%s\n"), 14, "");
 
+  /* Reserve 15 for ECC or Dilithium primary + Kyber subkey.  */
+  if (addmode)
+    {
+      tty_printf (_("  (%d) Kyber (encrypt only)%s\n"), 16, "");
+    }
+
   for (;;)
     {
       *r_usage = 0;
@@ -2884,6 +2883,12 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           free_keypair_info (keypairlist);
           break;
 	}
+      else if ((algo == 16 || !strcmp (answer, "kyber")) && addmode)
+        {
+          algo = PUBKEY_ALGO_KYBER;
+          *r_usage = PUBKEY_USAGE_ENC;
+          break;
+	}
       else
         tty_printf (_("Invalid selection.\n"));
 
@@ -6493,7 +6498,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
     }
   else
     {
-      kbnode_t node;
       PKT_public_key *pk = find_kbnode (pub_root,
                                         PKT_PUBLIC_KEY)->pkt->pkt.public_key;
       print_status_key_created (did_sub? 'B':'P', pk,
@@ -6501,18 +6505,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
       es_fflush (es_stdout);
       if (any_adsk)
         log_info (_("Note: The key has been created with one or more ADSK!\n"));
-
-      for (node=pub_root; node; node = node->next)
-        if ((node->pkt->pkttype == PKT_PUBLIC_KEY
-             || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-            && node->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_KYBER)
-          {
-            log_info ("Note: The key uses the Kyber algorithm from"
-                      " a draft specification\n");
-            log_info ("      This is EXPERIMENTAL only;"
-                      " the final version will not be compatible!\n");
-            break;
-          }
     }
 
   release_kbnode (pub_root);
@@ -6730,6 +6722,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
           if (curve && (!strcmp (curve, "X448") || !strcmp (curve, "Ed448")))
             keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
         }
+      else if (algo == PUBKEY_ALGO_KYBER)
+        {
+          nbits = 768;
+          curve = "brainpoolP256r1";
+        }
       else
         nbits = ask_keysize (algo, 0);