Hi,
I think that part of documentation is obsolete. SAP uses this to protect credit card details if stored in SAP. I don't think you need additional product for this but I am not 100% sure.
If you do "where used" for this FM you will see that it's used in method EXTERNAL_ENCYPTING of class CL_PCA_SECURITY. This may give you an idea how to call this FM. From top of my head you can define an application in table SSFARGS. Here you define which PSE with certificate will be used and corresponding options for output format and algorithms. You can use FM SSF_GET_PARAMETER to read these settings from this table for an application. In reciepient list you need to use values returned by SSF_GET_PARAMETER. Unless you protect PSE with password you don't have to populate STR_PAB_PASSWORD. STR_PAB comes from SSF_GET_PARAMETER.
You can also see how it's done in report SSF01.
Cheers