The documentation of vsftpd is quite good (https://security.appspot.com/vsftpd/vsftpd_conf.html), however I cannot find some details on how to use public key authentication. I know that I need require_cert and maybe validate_cert, but where do I put the public client keys, which are accepted for authentication? I cannot find information on that.
vsftpd is for FTP, FTP by its very nature is not encrypted (ftp over ssl is another matter)
You can't set up public key authentication with vsftpd - you are getting confused between FTPs and SFTP which are two different protocols.
To use public key authentication for SFTP it is just a matter of installing your public key on the server, as you would for ssh as detailed here - http://www.noah.org/wiki/SSH_public_keys
With this configuration, you can use OpenSSH's implementation of SFTP authentication.
If you are talking about setting up FTPs or FTP over SSL then this guide will be useful - http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29
This example, however, is not public key auth, its just server-side authentication and useful for encrypting your FTP connection.