Hi Raymond, I went ahead and provided this response in the support ticket you opened. I wanted to copy it here for posterity, in case someone else needs the same information later.
I believe you should be able to pull the public key for setting a user’s password by first getting their existing password setting:
I also performed a bit of additional research with google, and found this document that seems to have a good explanation of RSA encryption and how it can be performed using a public key.
As for the required permissions, we can see this note in the document you linked:
The password can only be set by the actual identity owner or by a trusted API client application.
The way I interpret this is that the API endpoint can be used to update passwords if you are authenticated as the actual identity whose password is changing, or you may also be able to perform this change authenticated as an ORG_ADMIN.
I hope this is helpful.