You can however sign with the private key and verify the signature with the public key.
While the math involve makes sense when the key roles are reversed (and this is how signatures work), encrypting for privacy doesn't make much sense when the decryption key is well know and public.
If you want to protect against generation of licences by someone else, you ought to be signing, not encrypting. Encryption prevents against reading of data by third parties, and signing prevents against writing of data by third parties. If you encrypt with your private key, you won't be protecting against reading of your data by third parties since there's no reason to believe that your intended public key recipients won't share (intentionally or otherwise) the key with anyone else.
bad key issue:
Ok, found what the issue is: needed to tell makecert 1) that's certificate's subject key type is for "Exchange" 2) to mark private key as exportable
so makecert call looks like
makecert.exe Test.cer -r -n "CN=Test Subject" -sr LocalMachine -ss My -sky Exchang
cert cannot be found:
don't use x64 command to make cert
return certificate.PublicKey.Key as RSACryptoServiceProvider;
return certificate.PrivateKey as RSACryptoServiceProvider;